The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for December, 2006

Lockpicking: BMW decoder tool

Posted by Xavier Ashe on December 26, 2006

“Lockpicking: BMW decoder tool” on Google Video


Posted in Security | Leave a Comment »

Telecom Security Solution introduced to Asia Pacific

Posted by Xavier Ashe on December 21, 2006

The blog has been a bit quiet lately.  I have been working on a new solution that was announced at the beginning of the month.  The security concerns of telecoms and data carriers have changed a bit.  The thing I used to hear was “I only want to know about the attacks on my customers; everything else we can ignore.”  Attacks that went from one peer AS to another were of little concern.  But the attitude is changing now that these carriers are depending on their core transport for more and more revenue streams.  Mobile broadband to phones and laptops, VoIP, video, the emergence of WiMAX, and other new technologies are pushing the big carriers to rethink their security responsibility.

So a few months ago I was tapped to design what we dubbed “Security in the Cloud”.  We needed a way to detect, manage, and mitigate security threats in the core transport of telecoms and data carriers.  What we did was talk with a few customers to figure out what was needed to step up to the challenge.  What came out of that was a collaboration of existing Tivoli software and the technology from an IBM partner, Narus.  Narus has some great detection technology for finding real threats within the massive amounts of data traversing the core backbone.  IBM Tivoli Security Operations Manager (TSOM) then takes the Narus alert data and correlates it with existing security detection technologies to get more out of the alert data from Narus.  The correlated security events are then passed to IBM Tivoli Netcool to be correlated and displayed alongside performance and availability data.  The integration and flexibility of this solution is due to the IBM BladeCenter HT servers, which make it easy to scale to meet the demands of the telecoms.  This combination of data allows carriers to detect and mitigate threats before they affect the performance of their network.

This solution was first introduced to the world at ITU Telecom World in Hong Kong.  As a result of the pre-event and onsite media activities, IBM media relations teams have delivered in excess of 100 articles online and in print to date, with more articles expected in Hong Kong and mainland China. The mainland China media alone have published 59 articles on our announcements at ITU to date. Our announcements were picked up by more than 150 different news sites globally.  Here are just a few of the mentions of the solution:

Computer World Hong Kong – “ITU: Vendors roll out telco wares at ITU”
InfoWorld – “IBM aims security bundle, new blade at telecom space”
Light Reading – “IBM Touts Telco Systems”
eWeek – “IBM and Narus Offer Telecom Security Package”

The development continues as we refine our offering to meet customer needs.  It's been a fun project, and I'm happy to see it making sense for so many customers.

EDIT: Just found out that IBM is now a member of the WiMAX Forum.

Posted in Personal Note | Leave a Comment »

Windows Vista crack is actually a trojan

Posted by Xavier Ashe on December 12, 2006

Malware makers are starting to take advantage of the number of users searching for cracks for the pirated copies of Vista floating around.

A new download has started circulating around the crack boards called “Windows Vista All Versions Activation 21.11.06”. It purports to be an activation crack for any version of Vista.

However, the file is actually a trojan-carrier which will install Trojan-PSW.Win32.LdPinch.aze onto your PC.

BitTorrent users who posted reviews of the crack said that a number of antivirus programs detected the malware, though Norton AntiVirus and NOD32 did not.

From APC Mag.

Posted in Security | Leave a Comment »

NOC/SOC convergence gaining ground

Posted by Xavier Ashe on December 12, 2006

I was just reading this article by Kelly Jackson Higgins at Dark Reading about companies converging NOCs and SOCs. While the article's topic was very interesting, one quote hit me in particular:

But that doesn't mean the NOC and SOC will completely merge. In fact, security analysts say you need a healthy separation between some duties, especially where security policy implementation and auditing is concerned.

While I agree with this premise of separation of duties of network people and security people, it made me think along another tangent (surprise, surprise).  So many people are talking about security and network convergence now.  Security is moving more and more into the edge (the edge is still there, people!).  UTMs and NAC are all the rage.  Non-security companies are snapping up small security companies (EMC, Citrix, etc.).  The stuff is coming together, and security is the central focus of it all.

Read the full post by Michael R. Farnum.  More and more people are moving to ITIL's idea of managing security.  This means having your security team manage risk, write policy, and monitor compliance.  The entire IT department becomes your security implementers.  This requires education and tools for support, networking, and development staff to identify and mitigate security threats.  I would like to mention that I have been helping IT companies merge their SOC and NOC for about a year now using IBM Tivoli Security Operations Manager.  It's really cool to see the rag-tag security team being integrated into the corporate fold.

Posted in Security | Leave a Comment »

Fake Boarding Pass Maker in trouble again

Posted by Xavier Ashe on December 12, 2006

Last month Security Fix reported that Chris Soghoian — the Indiana University doctoral student who created an online boarding pass generator to demonstrate security holes in the Transportation Security Administration's “no-fly” list — had been cleared of any wrongdoing by the FBI and the Justice Department.

Well, turns out the guy isn't out of the woods yet.

On Wednesday afternoon, Soghoian received a letter from the TSA informing him that the agency is conducting its own investigation into the allegation that he “attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations.” If Soghoian is ultimately found to have attempted said circumvention, the TSA said, he could be subjected to civil penalties of up to $11,000 per violation. That could be a steep fine: Something like 35,000 people viewed and possibly used the boarding pass generator during the less than 72 hours that it was live on his site in November.

You can read a scanned copy of the TSA letter at Soghoian's site.

From Security Fix.

Posted in Other Technology | Leave a Comment »

Wireless Video Scanner

Posted by Xavier Ashe on December 9, 2006

[aboxman] brought this nice wavecom jr mod to my attention. I first ran across scanning for wireless video signals a couple of years ago when the X10 version came out. People were surprised at just how many video signals were flying through the air. This little project results in a unit that can scan a wide 2.3 to 2.7 GHz range. Of course, if you're across the pond, you might want a European version.

Ooh, I found my next project!  From Hack-a-Day.

Posted in For Fun, Other Technology | Leave a Comment »

Pirates crack Vista Activation Server

Posted by Xavier Ashe on December 8, 2006

Pirates have released another ingenious workaround to Vista's copy protection: a hacked copy of Microsoft's yet-to-be-released volume licencing activation server, running in VMware.

Volume Activation 2.0 is one of the more controversial features of Vista: it means that every copy of Vista has to be activated, even the Business/Enterprise volume licenced editions.

However, to make life easier for administrators, Microsoft worked in a more convenient in-house system for en masse activation of PCs called KMS – Key Management Service.

The idea behind KMS is that you have a single PC running KMS which can then handle activation for all your Vista clients, so that they don’t have to connect back to Microsoft every single time.

The downside of KMS is that the activation is only good for 180 days, to discourage people bringing in their home systems, activating them and wandering off again.

Bearing in mind that KMS wasn’t scheduled to be released until next year, pirates have managed to get hold of KMS and produce a standalone, fully-activated KMS server called “Windows Vista Local Activation Server – MelindaGates”. Tongue-in-cheek of course…the first “cracked” version of Vista was called Vista BillGates.

Read the full article on APC Magazine.  A quick search shows it on several torrent sites already.

Posted in Security | Leave a Comment »

PSP already capable of emulating 3.01 without updating

Posted by Xavier Ashe on December 8, 2006

After just a few days since the release of Sony's latest PSP firmware update, it has already been cracked and is now being emulated on PSPs with older firmware versions.

There is no news yet regarding the Playstation 1 emulator compatibility with this method, but even if there is, I doubt Sony will allow people to purchase and play games on 3.01 PSPs for very long.

It's a never-ending battle, instead of what could have been a long and prosperous relationship. People like to have homebrew software in their consoles, but they also enjoy great (and fun) games, and right now, if you buy a PSP, it doesn't deliver much of those two.

From Forever Geek.

Posted in PSP Hacks | Leave a Comment »

Personal firewall for the RFIDs you carry

Posted by Xavier Ashe on December 7, 2006

A Platform for RFID Security and Privacy Administration is a paper by Melanie R. Rieback and Georgi N. Gaydadjiev that won the award for Best Paper at the USENIX LISA (Large Installation Systems Administration) conference today. It proposes a “firewall for RFID tags” — a device that sits on your person and jams the signals from all your personal wireless tags (transit passes, etc), then selectively impersonates them according to rules you set. Your contactless transit card will only send its signal when you authorize it, not when some jerk with an RFID scanner snipes it as you walk down the street. The implementation details are both ingenious and plausible — it's a remarkable piece of work. Up until now, the standard answer to privacy concerns with RFIDs is to just kill them — put your new US Passport in a microwave for a few minutes to nuke the chip. But with an RFID firewall, it might be possible to reap the benefits of RFID without the cost.

This is a must-read paper for anyone who cares about electronic privacy and who wants to catch a glimpse of the future.

Download the full paper (PDF). [via]

Posted in Privacy | Leave a Comment »

U.S. Cyber Consequences Unit Cyber-Security Checklist

Posted by Xavier Ashe on December 1, 2006

We have just this week finished the final release version of our cyber-security check list.  A bookmarked pdf copy of it is attached to this e-mail.

This final version takes account of the large number of suggestions that we received after circulating the draft versions.  There were a few additional suggestions that seemed excellent, but that we weren't able to include at this point, because they were either too detailed or too much ahead of current defender and attacker practices.  We intend to do an annual update of the check list, however, so some of the suggestions that were omitted this time will probably be included in the future.

We are now ready for this check list to be posted on any responsible and well-run website that would be interested in posting it.  In fact, since our own website still isn't back up, we are currently relying on other websites to get this check list to cyber-security professionals around the world as soon as possible.

We are exploring the possibilities for developing additional versions of this check list tailored to specific critical infrastructure industries and also the possibility of providing an interactive version in collaboration with another organization.

We are very interested in hearing from people who might want to translate this check list into other languages and who have the technical understanding necessary to do so.

Recent developments in the hacker world are making some of the newer counter-measures described in this check list increasingly urgent.  We have not yet heard what status this check list will be accorded by the relevant government departments, but the earlier drafts were extremely well received by leading cyber-security professionals, both inside and outside government, so we expect this check list will be put into widespread use fairly rapidly.

As far as we know, this is now the most comprehensive and most up-to-date cyber-security check list available.  We hope to maintain this status for the check list by continuing to revise it annually in the light of our own ongoing work and in the light of the further suggestions we receive from other cyber-security practitioners.

We hope this final version of the check list is useful to you and would greatly welcome your comments.

Best wishes,


Scott Borg
Director and Chief Economist
U.S. Cyber Consequences Unit

The U.S. Cyber Consequences Unit is an independent research group that supplies DHS with information on the consequences of cyber-attacks and evaluates the cost-effectiveness of countermeasures. As part of this work, director and chief economist Scott Borg and research director John Bumgarner began on-site visits to evaluate systems in critical industry sectors.  Read more about the U.S. Cyber Consequences Unit here.

You can download the PDF here.

Posted in Security | Leave a Comment »

ATM system called unsafe

Posted by Xavier Ashe on December 1, 2006

Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.

The U.S. Secret Service is investigating the matter, and obtained a memo compiled by the agency that indicates that organized criminals are systematically attempting to subvert the ATM system and unscramble encrypted PIN traffic.

The report has ignited a debate within the banking industry, with many financial industry experts downplaying the seriousness of the flaw and outside experts divided on its implications. But there is no disputing the impact that such a hack would have if successful.

I generally don't like posting “the sky is falling” articles, but this is an interesting possibility. Read the full article from MSNBC.

Posted in Security | Leave a Comment »
