Zeus returns: FBI warns of ‘Gameover’ ID-theft malware

The FBI said the phishing lures typically include a link in the e-mail that goes to a phony website. “Once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information,” it warned.

via Zeus returns: FBI warns of ‘Gameover’ ID-theft malware | ZDNet.

Hmmm. You must have to do something to “inadvertently” download the malware. I’d like to see this website and how they do it, but there is no link and no example. This story sounds fishy.

Diebold Virtualizes ATMs To Secure Banking Data

Diebold Virtualizes ATMs To Secure Banking Data – Storage Virtualization – Informationweek.

Hackers–in some cases, company insiders–have put card readers on gas station service pumps and customer checkout machines in supermarkets, storing customer data in an encrypted file that can be downloaded by the hackers. Virtualization combats such attempts by making such a reading device an instantly identifiable interloper, since the endpoint device no longer needs any memory-equipped accessory.

WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs

WPS is a method for setting up a new wireless router for a home network and it includes a way for users to set up the network via an external or internal registrar. In this method, the standard requires a PIN to be used during the setup phase. The PIN often is printed somewhere on the wireless router or access point. The vulnerability discovered in WPS makes that PIN highly susceptible to brute force attempts.

via WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.

“I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,” Viehbock said in a blog post.

OLPC Bitfrost – OLPC

There are five broad categories of “bad things” that running software could do, for the purposes of our discussion. In no particular order, software can attempt to damage the machine, compromise the user’s privacy, damage the user’s information, do “bad things” to people other than the machine’s user, and lastly, impersonate the user.

via OLPC Bitfrost – OLPC.

Arp Cache Poisoning and Packet Sniffing

Arp cache poisoning puts the attacker in position to intercept communications between the two computers. Computer A believes it is communicating with Computer B, but because of the poisoned arp table, the communication actually goes to the attacker’s computer. The attacker can then either respond to Computer A (pretending to be Computer B), or simply forward the packets to their intended destination, but only after the packet information is captured and logged for later use by the attacker. Likewise, the response from Computer B can be captured and logged by the attacker, who has also used Arp poisoning to make Computer B think the attacker’s computer is Computer A. This type of attack is known as a Man in the Middle attack.

via Arp Cache Poisoning and Packet Sniffing – ADMIN | The resource for all system administrators.
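
The excerpt above describes one machine ending up as the hardware address for both Computer A's and Computer B's IP. The following is an added example (not from the linked article) of a passive check that parses ARP payloads and flags exactly that pattern; the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        return None  # truncated
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    sender_mac = ":".join(f"{b:02x}" for b in payload[8:14])
    sender_ip = ".".join(str(b) for b in payload[14:18])
    return op, sender_mac, sender_ip

def detect_poisoning(payloads):
    """Flag IP->MAC rebinding and a single MAC claiming more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _op, smac, sip = parsed
        old = ip_to_mac.get(sip)
        if old is not None and old != smac:
            alerts.append((n, "rebind", sip, f"{old} -> {smac}"))
        ip_to_mac[sip] = smac
        mac_to_ips[smac].add(sip)
        if len(mac_to_ips[smac]) > 1:
            alerts.append((n, "multi-ip", smac, ",".join(sorted(mac_to_ips[smac]))))
    return alerts

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed ARP payload for the sample below (nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(smac) + ip(sip) + mac(tmac) + ip(tip)

# Constructed sample: hosts A and B, then a third MAC (X) claiming both of their IPs.
MAC_A, MAC_B, MAC_X = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:66"
IP_A, IP_B = "192.0.2.10", "192.0.2.20"
SAMPLE = [
    build_arp(2, MAC_A, IP_A, MAC_B, IP_B),  # genuine reply from A
    build_arp(2, MAC_B, IP_B, MAC_A, IP_A),  # genuine reply from B
    build_arp(2, MAC_X, IP_B, MAC_A, IP_A),  # tells A that B's IP is at MAC_X
    build_arp(2, MAC_X, IP_A, MAC_B, IP_B),  # tells B that A's IP is at MAC_X
]

if __name__ == "__main__":
    print(*detect_poisoning(SAMPLE), sep="\n")
```

A rebind on its own also happens for benign reasons such as a replaced network card, a reused DHCP lease or a failover pair, so the stronger signal is the same MAC taking over the addresses of two hosts that talk to each other.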

Loopholes in Verified by Visa & SecureCode

At issue is a security protocol called “3 Domain Secure,” (3DS), a program designed to reduce card fraud and shift liability for fraud from online merchants to the card issuing banks. Visa introduced the program in 2001, branding it “Verified by Visa,” and MasterCard has a similar program in place called “SecureCode.”

Cardholders who chose to participate in the programs can register their card by entering the card number, filling in their ZIP code and birth date, and picking a passcode. When cardholders go to use that card at a merchant site that uses 3DS, the shopper then enters the code, which is verified by the issuing bank and is never shared with the merchant site.

via Loopholes in Verified by Visa & SecureCode — Krebs on Security.

Linux: The hole trick to bypass firewall restriction

Linux: The hole trick to bypass firewall restriction.

As long as remote is behaving itself, it will send back a “port unreachable” response via ICMP – however this is of no consequence. On the second attempt
remote# echo "hello" | nc -p 53 -u local-fw 14141
The netcat listener on console local/1 then coughs up a “hello” – the UDP packet from outside has passed through the firewall and arrived at the computer behind it.