Court blocks the publication of a scientific paper

The English High Court (the highest civil court) has blocked the publication of a scientific paper that would have revealed the full details of a zero day vulnerability in Volkswagen’s immobiliser mechanisms – the temporary injunction against publication has been granted to stop the publication of “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” – due to be presented at a Usenix security conference.

via Court blocks the publication of a scientific paper | cartesian product.

NSA Award for Best Scientific Cybersecurity Paper

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade. Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

via Light Blue Touchpaper » Blog Archive » NSA Award for Best Scientific Cybersecurity Paper.

True tales of mostly white-hat hacking

Here are five true tales of bringing down the baddies. I can’t say I’m proud of all the things I did, but the stories speak for themselves. Got one of your own to pass along? Send it my way, or share it in the comments.

via True tales of mostly white-hat hacking | Security – InfoWorld.

Posing as a regular customer, we complained that we thought someone was attacking our cable box and asked if the technician could take a look at our device’s firewall log to confirm. A few minutes later up popped the technician’s shadow and passwd password files. When executed, our encoded malicious JavaScript packet would look for various password and configuration files and, if found, send them back to us. The technician had viewed the firewall log, the XSS had launched, and we ended up with the company’s enterprise-wide root password. All of this hacking occurred in about six hours. In less than a day we had fatally compromised the set-top box and pwned the whole company.

HP D2D/StoreOnce Backdoor

HP’s D2D product line, which has recently been rebranded “StoreOnce”, is effectively an expensive software platform.

via HP D2D/StoreOnce Backdoor.

Open up your favourite SSH client, key in the IP of an HP D2D unit. Enter in yourself the username HPSupport, and the password which has a SHA1 of 78a7ecf065324604540ad3c41c3bb8fe1d084c50. Say hello to an administrative account you didn’t know existed.
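The practical lesson in that disclosure is that publishing the unsalted SHA-1 of a short, fixed password is the same as publishing the password: anyone can test candidates offline at millions per second. Added example, not from the original post: a minimal Python offline check against the published digest, with simple leetspeak and trailing-digit mangling. The candidate words are a constructed list for illustration, and nothing here states what the recovered password is.

```python
import hashlib
import itertools

# SHA-1 digest quoted in the disclosure for the HPSupport account's password.
PUBLISHED_SHA1 = "78a7ecf065324604540ad3c41c3bb8fe1d084c50"

# Common character substitutions, applied in every position combination.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def mangle(word):
    """Yield the word, every leetspeak variant of it, and each with one digit appended."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for r in range(len(positions) + 1):
        for combo in itertools.combinations(positions, r):
            chars = list(word)
            for i in combo:
                chars[i] = LEET[chars[i]]
            variant = "".join(chars)
            yield variant
            for n in range(10):
                yield f"{variant}{n}"


def sha1_hex(candidate):
    return hashlib.sha1(candidate.encode()).hexdigest()


def crack_unsalted_sha1(target_hex, words):
    """Return the first mangled candidate whose SHA-1 equals target_hex, or None."""
    target_hex = target_hex.lower()
    for word in words:
        for candidate in mangle(word):
            if sha1_hex(candidate) == target_hex:
                return candidate
    return None


# Constructed wordlist for illustration only; not a vendor list.
SAMPLE_WORDS = ["support", "hpsupport", "storeonce", "password", "admin"]

if __name__ == "__main__":
    hit = crack_unsalted_sha1(PUBLISHED_SHA1, SAMPLE_WORDS)
    print("recovered" if hit else "no match in sample list")
```

A real attempt would feed a full wordlist and rule set (hashcat or John) into the same loop; the point is that an unsalted, fast hash of a vendor-chosen password offers no protection once the digest is known.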

Under the Hood: Banking Malware

After 48 hours (and two all-nighters in a row) I logged onto the (now really REALLY) infected computer, complete with shiny new malware updates. I surfed to Bank of America’s web page, and found what I was looking for– a Man-In-The-Browser attack in action!

via Under the Hood: Banking Malware » LMG Security Blog.

We cover malware network forensics, web proxies and flow analysis during Days 3-4 of the Network Forensics class. We’ll be teaching next at Black Hat USA, July 27-30. Seats are limited, so sign up soon!

Department Of Labor Attack Points To Industry Weaknesses

“This is basically the same pattern that a lot of advanced malware is taking today,” says Srinivas Kumar, CTO of TaaSERA. By taking a multi-stage approach and going after server-side vulnerabilities at legitimate sites, the attackers can be assured that unsuspecting visitors to the site are more likely to trust links redirecting to malware-laden sites, he says.

via Department Of Labor Attack Points To Industry Weaknesses — Dark-Reading

Apparently the Department of Labor’s site was hosting links to malware. Usually users get hacked by sites hosting compromised advertisements.

Possible Exploit Vector for DarkLeech Compromises

The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username field, successful attackers are able to bypass authentication and upload files to the targeted server. These types of attacks could be one avenue used in the DarkLeech compromises. Although not as common as the Plesk remote access vulnerability (CVE-2012-1557) described in the report, it does appear that this vulnerability is being actively exploited.

via Possible Exploit Vector for DarkLeech Compromises.
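Added detection example, not from the Cisco post: a Python scanner over constructed records of webmail login POSTs that flags a username field carrying PHP code or a file-write call instead of an account name, which is the shape of attack the excerpt describes. The record format, paths, parameter names and payloads are made up for illustration and are not the real exploit.

```python
import re
from urllib.parse import parse_qs

# Indicators of PHP code where only a username should appear.
PHP_MARKERS = re.compile(
    r"<\?php|<\?=|\beval\s*\(|\bbase64_decode\s*\(|\bfile_put_contents\s*\(|"
    r"\bfwrite\s*\(|\bsystem\s*\(|\bpassthru\s*\(|\bshell_exec\s*\(",
    re.IGNORECASE,
)

# Assumed parameter names a webmail login form might use for the account name.
USERNAME_FIELDS = ("username", "user", "imapuser", "login")


def suspicious_username_values(body):
    """Return (field, value) pairs from a form-encoded body whose value looks like PHP."""
    params = parse_qs(body, keep_blank_values=True)
    hits = []
    for field in USERNAME_FIELDS:
        for value in params.get(field, []):
            if PHP_MARKERS.search(value):
                hits.append((field, value))
    return hits


def scan_records(records):
    """records: iterable of dicts with 'src', 'path', 'body'. Returns the flagged ones."""
    flagged = []
    for rec in records:
        hits = suspicious_username_values(rec["body"])
        if hits:
            flagged.append({"src": rec["src"], "path": rec["path"], "hits": hits})
    return flagged


# Constructed sample: one normal login and two injection attempts. Not real traffic.
SAMPLE_RECORDS = [
    {"src": "198.51.100.7", "path": "/webmail/login.php",
     "body": "username=alice%40example.com&password=hunter2"},
    {"src": "203.0.113.9", "path": "/webmail/login.php",
     "body": "username=%3C%3Fphp+eval%28base64_decode%28%22cGhwaW5mbygpOw%3D%3D%22%29%29%3B%3F%3E&password=x"},
    {"src": "203.0.113.10", "path": "/webmail/login.php",
     "body": "imapuser=x%22%3Bfile_put_contents%28%22sh.php%22%2C%24_POST%5Bc%5D%29%3B%22&password=x"},
]

if __name__ == "__main__":
    for f in scan_records(SAMPLE_RECORDS):
        print(f["src"], f["path"], f["hits"])
```

Run this over decoded POST bodies from a reverse proxy or WAF log; the markers list is deliberately narrow so that a match is worth a look rather than a source of noise.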

Internet bad neighborhoods

The idea behind the Internet Bad Neighborhood concept is that the probability of a host behaving badly increases if its neighboring hosts (i.e., hosts within the same subnetwork) also behave badly. This idea, in turn, can be exploited to improve current Internet security solutions, since it provides an indirect approach to predict new sources of attacks (neighboring hosts of malicious ones).

via Internet bad neighborhoods – UTpublications.

This is a good start in developing some kind of IP blacklist.

BackTrack successor Kali Linux launched

Outwardly, Kali looks the same as the previous version of BackTrack. But dig a little deeper, according to founder Mati Aharoni, and that’s where the similarities end.

“It boots like BackTrack, but when you look deeper into Kali, you see all these amazing new features that just weren’t available in BackTrack,” Aharoni told SC speaking ahead of the launch in Amsterdam.

via BackTrack successor Kali Linux launched – Applications – SC Magazine Australia – Secure Business Intelligence.

From Kali’s site comes this:

What’s New in Kali Linux

From an end user perspective, the most obvious change would be the switch to Debian and an FHS-compliant system. What this means is that instead of having to navigate through the /pentest tree, you will be able to call any tool from anywhere on the system as every application is included in the system path. However, there’s much hidden magic in that last sentence. I’ll quickly list some of the new benefits of this move.

Backtrack has been a very useful resource for me and is prominently listed in the Tools section on this site. One of the main features that I gleaned from this release is support for ARM. I haven’t poked around the site or created a Kali VM to play with yet. Will report whatever I observe later.

Five Ways To Better Hunt The Zebras In Your Network

There are a lot of decent threat sources out there today, and inexpensive tools that can be used to combine them with firewall data, he says.

“For someone that is low on budget, you can perform this with existing log aggregation tools, but I would not try to do this by hand,” Brazil says, who is a big proponent of security information and event monitoring (SIEM) systems.

via Five Ways To Better Hunt The Zebras In Your Network – Dark Reading.
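Added example, not from the UT paper or the Dark Reading article, tying the two ideas together: Python that loads a constructed blocklist, computes per-/24 "bad neighborhood" density in the sense of the paper's concept, and then scores constructed firewall log lines two ways, as the Dark Reading piece suggests combining threat sources with firewall data: a direct blocklist hit, or a source address in a neighborhood with enough listed hosts. The log format, addresses, /24 granularity and threshold are all assumptions for illustration.

```python
import ipaddress
from collections import Counter

# Constructed blocklist (documentation ranges); a real feed would be far larger.
BLOCKLIST = """
203.0.113.5
203.0.113.17
203.0.113.44
203.0.113.201
198.51.100.9
"""

# Constructed iptables/ufw-style log lines, for illustration only.
FIREWALL_LOG = """
Jun 12 04:01:07 gw kernel: [UFW BLOCK] IN=eth0 SRC=203.0.113.88 DST=192.0.2.10 PROTO=TCP DPT=22
Jun 12 04:01:09 gw kernel: [UFW BLOCK] IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=445
Jun 12 04:01:12 gw kernel: [UFW ALLOW] IN=eth0 SRC=198.51.100.200 DST=192.0.2.10 PROTO=TCP DPT=443
Jun 12 04:01:15 gw kernel: [UFW ALLOW] IN=eth0 SRC=192.0.2.33 DST=192.0.2.10 PROTO=TCP DPT=443
"""

PREFIX = 24            # assumed neighborhood granularity
DENSITY_THRESHOLD = 3  # assumed: a /24 with this many listed hosts is a bad neighborhood


def neighborhood(ip, prefix=PREFIX):
    """The /prefix network an address belongs to."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def load_blocklist(text):
    """Return the set of listed addresses and a Counter of listed hosts per neighborhood."""
    ips = {ipaddress.ip_address(l.strip()) for l in text.splitlines() if l.strip()}
    density = Counter(neighborhood(ip) for ip in ips)
    return ips, density


def parse_src(line):
    """Pull the SRC= address out of a firewall log line, or None."""
    for tok in line.split():
        if tok.startswith("SRC="):
            return ipaddress.ip_address(tok[4:])
    return None


def classify(ip, listed, density):
    """'listed' for a direct hit, 'bad_neighborhood' for a neighbor of enough
    listed hosts, otherwise 'clean'."""
    if ip in listed:
        return "listed"
    if density[neighborhood(ip)] >= DENSITY_THRESHOLD:
        return "bad_neighborhood"
    return "clean"


def score_log(log_text, blocklist_text):
    """Return (source, verdict) pairs for every log line with a SRC= field."""
    listed, density = load_blocklist(blocklist_text)
    results = []
    for line in log_text.splitlines():
        src = parse_src(line)
        if src is not None:
            results.append((str(src), classify(src, listed, density)))
    return results


if __name__ == "__main__":
    for src, verdict in score_log(FIREWALL_LOG, BLOCKLIST):
        print(f"{src:16} {verdict}")
```

The bad-neighborhood verdict is a prediction, not evidence: 203.0.113.88 is flagged only because four of its /24 neighbors are listed, so treat it as a reason to look harder or rate-limit, not as grounds for an outright block without review.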