Archive | February, 2008

SCARE – Source Code Analysis Risk Evaluation Tool



The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that analyzes source code and gives a realistic, factual picture of how likely that source code is to produce a problematic binary. The metric does not say that the binary will be exploited, nor does it perform static analysis for known limitations such as vulnerabilities. It does flag code for each interaction type or control, so that the developer can see which Operational Security (OpSec) holes are unprotected, even though it cannot yet say how effective any existing protection is.

This computation will provide a final SCARE value, like the RAV, where 100% is the proper balance between controls to OpSec holes and no Limitations. Conversely, less than that shows an imbalance where too few Controls protect OpSec holes or Limitations in OpSec and Controls degrade the security.

The SCARE analysis tool is run against source code; currently only C is supported. The output file lists every operational interaction that needs a control (the current version does not yet say whether, or which, controls are already present). At the bottom of the list are three numbers: Visibilities, Access, and Trusts. These three numbers can be plugged into the RAV Calculation spreadsheet available at http://www.isecom.org/ravs. The resulting Delta value is subtracted from 100 to give the SCARE percentage, which indicates the complexity of securing this particular application. The lower the value, the worse the SCARE.

At this stage the tool cannot yet tell which interactions already have controls, or whether those controls are applicable; once that information is available it will change the RAV but not the SCARE. SCARE also does not yet tell you where the bugs are in the code, but if you are bug hunting it will extract all the places where user inputs and trusts with user-accessible resources can be found.

Currently, SCARE is designed to work for any programming language. This methodology is shown with C, and the project needs input and feedback from developers of other languages to expand it further.
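As an added illustration (not ISECOM's SCARE code, which is not reproduced on this page), the following Python script scans a constructed C snippet for the interaction points the post describes, tallies them into the three totals that appear at the bottom of a SCARE output file, and computes the final percentage from a Delta value. The mapping of C calls to Visibility, Access and Trust, the sample source and the Delta value are all assumptions made for this example; the RAV computation itself is left to the ISECOM spreadsheet.

```python
import re

# Constructed sample of C source, embedded so the example runs offline.
SAMPLE_C = r'''
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char **argv) {
    char buf[256];
    const char *home = getenv("HOME");
    FILE *cfg = fopen("/etc/app.conf", "r");
    if (argc > 1)
        strcpy(buf, argv[1]);
    fgets(buf, sizeof buf, stdin);
    int n = recv(0, buf, sizeof buf, 0);
    system(buf);
    return 0;
}
'''

# Hypothetical mapping of C calls to the three OSSTMM interaction classes.
# This is an illustration, not SCARE's own classification table:
#   Visibility - the program announces itself to the outside (listening sockets)
#   Access     - an outside party can push data into the program
#   Trust      - the program relies on a resource it did not authenticate
#                (environment, files, child processes, loaded libraries)
VISIBILITY_CALLS = {"bind", "listen"}
ACCESS_CALLS = {"fgets", "gets", "scanf", "read", "recv", "recvfrom", "accept"}
TRUST_CALLS = {"getenv", "fopen", "open", "popen", "dlopen"}

CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def find_interactions(source):
    """Return (line_no, kind, call, source_line) for every interaction point.

    Like the tool described above, this only says *where* an interaction is;
    it does not judge whether a control already guards it.
    """
    found = []
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):      # skip preprocessor lines and comments
            continue
        for call in CALL_RE.findall(line):
            if call in VISIBILITY_CALLS:
                kind = "Visibility"
            elif call in ACCESS_CALLS:
                kind = "Access"
            elif call in TRUST_CALLS:
                kind = "Trust"
            else:
                continue
            found.append((lineno, kind, call, stripped))
        if "argv[" in line:                          # command-line input is an access point too
            found.append((lineno, "Access", "argv", stripped))
    return found


def tally(found):
    """The three totals printed at the bottom of a SCARE output file."""
    counts = {"Visibility": 0, "Access": 0, "Trust": 0}
    for _, kind, _, _ in found:
        counts[kind] += 1
    return counts


def scare_from_delta(delta):
    """SCARE percentage = 100 - Delta. Delta comes from the RAV spreadsheet;
    the RAV itself is not reimplemented here."""
    return 100.0 - delta


if __name__ == "__main__":
    hits = find_interactions(SAMPLE_C)
    for lineno, kind, call, text in hits:
        print(f"line {lineno:3d} {kind:<10} {call:<8} {text}")
    print(tally(hits))
    print("SCARE for an assumed Delta of 37.5:", scare_from_delta(37.5))
```

Running it on the sample lists five interaction points (two trusts, three access points, no visibilities); the `system(buf)` sink is deliberately not flagged, because, like the tool in the post, this pass records where outside data enters rather than where it does harm.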

If you are interested in helping with this project please contact ISECOM.

You can download SCARE here:

scare_analyst.zip

Or you can read more here.


Posted in: Countermeasures, Exploits/Vulnerabilities, Programming



Teenage Bot Herder Admits to Infecting Military Computers



Hacking for money again? Well not really in this case, more like script kiddying for money – modifying an ‘off the shelf’ malware/bot package to evade detection and then cashing in on spamware affiliate fees.

I guess they could have made much more with a 400,000 bot network by renting it out for DDoS attacks to online extortionists. Although legally that's even more risky.

A young hacker accused of helping to corral more than 400,000 computers into a money-making botnet has pleaded guilty to criminal charges in connection with the scheme, which he admits damaged US military computers.

The defendant was identified only by the initials B.D.H. because he was a juvenile when the crimes were committed. He is better known by the handle “SoBe” in internet relay channels frequented by hackers. He appeared in US District Court in Los Angeles on Monday, where he pleaded guilty to two counts of juvenile delinquency. His plea agreement contemplates a sentence of one year to 18 months in prison.

$58,000 in 3 months isn’t even all that much money split between 2 or 3 people…but as the article says that’s all that is on record. They could have made much more than that. Imagine one of them could be sitting on a huge Paypal account that no one knows about.

It’s like the new age of bank robbers hiding their stash in the forest…nowadays guys are hiding it online.

SoBe entered the public spotlight in November 2005 as an “unindicted co-conspirator” to Jeanson James Ancheta, who eventually pleaded guilty to four felony charges in connection with the same botnet. With SoBe located in Boca Raton, Florida, and Ancheta working in Downey, California, the two built a lucrative business by surreptitiously installing adware on computers and then pocketing affiliate fees. According to court documents, the pair collected at least $58,000 in 13 months, but it’s possible they made much more.

Among the computers infected by SoBe and Ancheta were those belonging to the Defense Information Security Agency. SoBe also claimed to have pwned machines maintained by Sandia National Laboratories.

The elder of the two was sentenced to 57 months in prison (more than 4 years) – that’s a pretty hefty sentence and a good reminder not to do anything naughty.

We are ethical hackers after all – do remember that!

Source: The Register


Posted in: Legal Issues, Malware



NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows



NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.

NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri) in order to make passive OS fingerprinting as accurate as possible. NetworkMiner also uses the MAC-vendor list from Nmap (Fyodor).

The purpose of NetworkMiner is to collect data about hosts on the network rather than data about the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner can extract files transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network.


Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner lets the user enter arbitrary strings or byte patterns to search for with the keyword search functionality.

A feature the author wants to include in future versions of NetworkMiner is to use statistical methods to do protocol identification (protocol fingerprinting) of a TCP session or UDP data. This means that instead of looking at the port number to guess which protocol is used on top of the TCP/UDP packet NetworkMiner will identify the correct protocol based on the TCP/UDP packet content. In this way NetworkMiner will be able to identify protocols even if the service is run on a non-standard port.
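To make the host-centric view and content-based protocol identification concrete, here is an added Python example (not NetworkMiner's code) that works over a handful of constructed packet records: it identifies the protocol from payload bytes rather than the port, builds a per-host view of services and banners, flags ports where the port-based guess and the content disagree, and runs a keyword search. The protocol signatures, the sample packets and the assumption that the lower-numbered port belongs to the server are all the example's own.

```python
import re
from collections import defaultdict

# Constructed packet records (src, sport, dst, dport, payload); not a real capture.
PACKETS = [
    ("10.0.0.5", 51000, "10.0.0.9", 8080, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("10.0.0.9", 8080, "10.0.0.5", 51000, b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"),
    ("10.0.0.5", 51001, "10.0.0.9", 2222, b"SSH-2.0-OpenSSH_7.4\r\n"),
    ("10.0.0.9", 2222, "10.0.0.5", 51001, b"SSH-2.0-OpenSSH_8.9p1\r\n"),
    ("10.0.0.7", 40000, "10.0.0.9", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    ("10.0.0.7", 40001, "10.0.0.9", 25, b"EHLO mail.example\r\n"),
]

# Port-based guessing: the method the post says NetworkMiner wants to move away from.
WELL_KNOWN = {22: "ssh", 25: "smtp", 80: "http", 443: "tls", 8080: "http"}


def guess_by_port(port):
    return WELL_KNOWN.get(port, "unknown")


HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")
SMTP_CMD = re.compile(rb"^(EHLO|HELO|MAIL FROM|RCPT TO)\b")


def identify_protocol(payload):
    """Content-based identification: decide from what the bytes are, not the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), version major 3, handshake type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    first = payload.split(b"\r\n", 1)[0]
    if HTTP_REQ.match(first) or first.startswith(b"HTTP/1."):
        return "http"
    if SMTP_CMD.match(first) or (first.startswith(b"220 ") and b"SMTP" in first):
        return "smtp"
    return "unknown"


def server_end(src, sport, dst, dport, payload):
    """Which endpoint is the server? Replies identify themselves by content;
    otherwise assume the lower port number (client ports are ephemeral and high)."""
    if payload.startswith((b"HTTP/", b"220 ")):
        return src, sport
    return (src, sport) if sport < dport else (dst, dport)


def extract_banner(proto, payload):
    """Pull the self-identifying string a server sends, if the protocol has one."""
    if proto == "ssh":
        return payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if proto == "http":
        m = re.search(rb"^Server:\s*(.+?)\r\n", payload, re.M)
        return m.group(1).decode("ascii", "replace") if m else None
    return None


def host_summary(packets):
    """Host-centric view: per host, the services it offers (port -> protocol),
    the banners it sent, and ports where content and port-based guesses disagree."""
    hosts = defaultdict(lambda: {"services": {}, "banners": set(), "mismatches": {}})
    for src, sport, dst, dport, payload in packets:
        for endpoint in (src, dst):
            hosts[endpoint]                          # register every host, even a silent one
        proto = identify_protocol(payload)
        if proto == "unknown":
            continue
        server, port = server_end(src, sport, dst, dport, payload)
        hosts[server]["services"][port] = proto
        if (server, port) == (src, sport):           # only the server's own banner counts
            banner = extract_banner(proto, payload)
            if banner:
                hosts[server]["banners"].add(banner)
    for info in hosts.values():
        info["mismatches"] = {p: proto for p, proto in info["services"].items()
                              if guess_by_port(p) != proto}
    return dict(hosts)


def search_keyword(packets, needle):
    """The keyword search feature: which flows carried a given byte pattern."""
    return [(src, dst) for src, _, dst, _, payload in packets if needle in payload]


if __name__ == "__main__":
    for ip, info in sorted(host_summary(PACKETS).items()):
        print(ip, info)
    print("flows containing 'OpenSSH':", search_keyword(PACKETS, b"OpenSSH"))
```

In the sample, SSH served on port 2222 is exactly the case the post is about: the port table says "unknown", the payload says SSH, and the host view records both the service and the server's banner while ignoring the client's.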

You can download NetworkMiner here:

NetworkMiner-0.82

Or you can read more here.


Posted in: Forensics, General Hacking, Network Hacking, Windows Hacking



Hacking Does Pay! US Law Lets Hacker Keep Fraudulent Earnings



Ah, I think it’s time for some controversy on a Tuesday. What do you think about this case, where a hacker got information about a company’s soon-to-be-plummeting share price by breaking into its computer? By investing $41,000 in stock option trades on the shares that were about to drop, he pocketed almost $300,000!

Even so the story has changed slightly, they said it wasn’t him that broke into the network – but it was someone else. Either way a hacker got the info and he exploited it.

Oleksandr Dorozhko made almost $300,000 in stock-option trading by using insider information that was obtained after someone hacked into a financial network and stole confidential information concerning a company called IMS Health. Now, the Ukrainian resident is exploiting a loophole that may allow him to keep the ill-gotten gains for good.

That’s because US securities laws, unlike those in Europe and elsewhere, define insiders as those with a fiduciary role with a company – say, a corporate executive, investment banker or attorney. As a mere hacker, or as an associate to a mere hacker, Dorozhko had no such function, so the laws cannot be used to seize the assets, a federal judge has ruled.

Because he has no role in the company it cannot be considered insider trading. This means it was a legitimate transaction and he’ll get to keep the money! They can’t seize it back, and it’s unlikely they’ll nail him for hacking as he lives outside the US; being Ukrainian, even if they did go after him it’s unlikely they would recover any of the money.

The strange tale, which was reported here by The New York Times, reads like a chapter out of Catch 22. According to evidence presented by the Securities and Exchange Commission, minutes after someone broke into a network of Thomson Financial and stole a gloomy IMS Health earnings report scheduled to go public a few hours later, Dorozhko invested a little more than $41,000 in put options that bet the company’s share price would plunge.

And plunge it did. Dorozhko ended up pocketing more than $296,000 in the transaction. Not bad for a few hours work.

Just about everyone agrees he committed fraud and just about everyone agrees it was for the purpose of gaining an unfair advantage in trading shares of IMS Health. And yet, because the information was illegally obtained, US insider laws have no bearing, according to US District Judge Naomi Reice Buchwald, who ordered the SEC to turn over the money. Ironically, had the insider information been obtained legally, the SEC would most likely have been permitted to seize the funds.

So what do you think about this? For once the US legal system is protecting the guilty man instead of incarcerating the innocent man.

It’s a pretty interesting story though and Eastern European hackers have been guessing file names for a while and using unreleased documents to predict share prices (predictable resource location hacks).

Source: The Register


Posted in: General News, Legal Issues, Spammers & Scammers



Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus



Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously known as Nessj and Reason.

Features

Nessconnect provides an alternative interface over the standard Nessus client. It allows the user to customize the scanning preferences and available plug-ins based on a wide range of criteria. In addition to an improved graphical user interface, Nessconnect provides customized session management with templates, allowing the user to create multiple templates for different testing scenarios.

Reports are generated in XML, and XSLT style sheets can be used to easily produce customized reports, including charts/graphs. Nessconnect also supports vulnerability trending, allowing you to track host vulnerabilities across multiple scans over a period of time. And if you prefer not to use a GUI, all these features are available from the command line.
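Differential scanning and vulnerability trending are the two report features worth seeing in code. The following added Python example (not Nessconnect's code, and not the real Nessus XML schema: the simplified report format and the two constructed scans are this example's own) diffs two XML reports by host, port and plugin, keeps disappeared hosts apart from remediated findings, and builds a per-severity trend series.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified report format (report/host/finding). This is NOT the
# real Nessus or Nessconnect schema, just enough structure to diff two runs.
SCAN_WEEK1 = """<report date="2008-02-01">
  <host ip="192.0.2.10">
    <finding plugin="10001" port="22" severity="low" name="SSH version banner"/>
    <finding plugin="10002" port="80" severity="high" name="Outdated web server"/>
  </host>
  <host ip="192.0.2.11">
    <finding plugin="10003" port="445" severity="medium" name="SMB signing disabled"/>
  </host>
</report>"""

SCAN_WEEK2 = """<report date="2008-02-08">
  <host ip="192.0.2.10">
    <finding plugin="10001" port="22" severity="low" name="SSH version banner"/>
    <finding plugin="10004" port="443" severity="critical" name="Expired TLS certificate"/>
  </host>
  <host ip="192.0.2.12">
    <finding plugin="10003" port="445" severity="medium" name="SMB signing disabled"/>
  </host>
</report>"""


def parse_report(xml_text):
    """Return (scan_date, set of (ip, port, plugin, severity)) for one report."""
    root = ET.fromstring(xml_text)
    findings = set()
    for host in root.findall("host"):
        ip = host.get("ip")
        for f in host.findall("finding"):
            findings.add((ip, int(f.get("port")), f.get("plugin"), f.get("severity")))
    return root.get("date"), findings


def diff_scans(old_xml, new_xml):
    """Differential scan: what appeared, what went away, what is still there."""
    _, old = parse_report(old_xml)
    _, new = parse_report(new_xml)
    old_hosts = {f[0] for f in old}
    new_hosts = {f[0] for f in new}
    return {
        "new": sorted(new - old),
        "fixed": sorted(old - new),
        "persisting": sorted(old & new),
        # A host missing from the newer scan makes all its findings look "fixed";
        # report it separately so a decommissioned (or merely offline) box is not
        # mistaken for remediation.
        "hosts_gone": sorted(old_hosts - new_hosts),
        "hosts_added": sorted(new_hosts - old_hosts),
    }


def trend(reports):
    """Trending view: findings per severity for each scan, in the order given."""
    series = []
    for xml_text in reports:
        date, findings = parse_report(xml_text)
        counts = {}
        for _, _, _, severity in findings:
            counts[severity] = counts.get(severity, 0) + 1
        series.append((date, counts))
    return series


if __name__ == "__main__":
    for key, value in diff_scans(SCAN_WEEK1, SCAN_WEEK2).items():
        print(f"{key:12s} {value}")
    print(trend([SCAN_WEEK1, SCAN_WEEK2]))
```

The "SMB signing disabled" finding shows why the host lists matter: it appears under fixed (on 192.0.2.11) and new (on 192.0.2.12), but hosts_gone and hosts_added make clear that the scan target changed rather than the issue being resolved.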

The old Nessus interface was pretty bad, especially the Windows one; the Linux GUI was much better, and so were the HTML reports it generated. If you like this one you can use it on both, because it’s written in Java and therefore cross-platform.

I’m glad someone finally put some effort into an updated GUI even though Nessus is not quite so ‘free’ now.

What’s new?

  • Promoted project from beta to stable.
  • Graphical user interface layout changes.
  • Changed command line interface arguments.
  • Added the beginnings of some documentation.
  • Fixed sorting of addresses and ports; thanks to Richard van den Berg.
  • Fixed shell scripts to better handle XULRunner embedding.
  • Fixed UNC path handling issue in URLs.
  • Increased default heap size to 1 GB.
  • Name change from Nessj to Nessconnect.
  • Ownership change from Intekras to Idealogica.
  • Updated libraries.

It is of course also free and open-source.

You can download Nessconnect here:

Nessconnect (current) 1.0.1

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking



laptop and data theft protection



A UK firm, Virtuity, has created data protection software called BackStopp which comes with ‘self-destruct’ technology based on Wi-Fi and RFID tags that starts to run as and when a laptop is moved from its designated space.

So in layman’s terms, if the laptop is moved from its permitted zone (which is set by the user), BackStopp sends out a self-destruct message to block access and ultimately destroy data, locating the laptop using Wi-Fi and radio frequency identification technology. What’s even cooler is that any laptop with a built-in webcam will be prompted to start taking photographs to help identify the thief.

There are millions of people out there who keep very sensitive data on their laptops which, if it falls into the wrong hands, can cause damage to a lot of people. This FBI/CIA-style security tool brings advanced security to all laptop users at a very affordable price of £10 per laptop per month.


Posted in: Countermeasures, Forensics, Privacy



SWFIntruder – Analysis and Security Testing of Flash Applications



With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.

I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the first tool specifically developed for analyzing and testing security of Flash applications at runtime.

It helps to find flaws in Flash applications using the methodology originally described in Testing Flash Applications and in Finding Vulnerabilities in Flash Applications.

Features

  • Basic predefined attack patterns.
  • Highly customizable attacks.
  • Highly customizable undefined variables.
  • Semi automated XSS check.
  • User configurable internal parameters.
  • Log Window for debugging and tracking.
  • History of latest 5 tested SWF files.
  • ActionScript Objects runtime explorer in tree view.
  • Persistent Configuration and Layout.

SWFIntruder was developed using ActionScript, HTML and JavaScript, resulting in a tool that takes advantage of the best features of those technologies in order to get the best capabilities for analysis of, and interaction with, the Flash movies under test.

SWFIntruder was developed using only open source software. Thanks to its generality, SWFIntruder is OS independent.

You can download SWFIntruder here:

swfintruder-0.9.1.tgz

Or read more here.


Posted in: Forensics, Programming, Web Hacking



UK Proposing to Disconnect Those Involved in Piracy from the Internet



Ok more controversy for you guys, and once again it’s the UK leading a new initiative. This time it’s not against making hacking tools illegal, it’s against people downloading ‘pirated’ content from the Internet (using torrent sites etc.).

I do hope they can differentiate using torrents to download open source software or Creative Commons music and videos from real copyrighted material. They will basically be terminating the Internet connection of anyone suspected of breaching copyright through file-sharing. ISPs who fail to implement the initiative will be liable to legal action.

It’ll be a three-strikes-and-out system: a warning for the first instance, a suspension for the second and, finally, termination for the third.

People in the UK who go online and illegally download music and films may have their internet access cut under plans the government is considering. A draft consultation suggests internet service providers would be required to take action over users who access pirated material via their accounts.

But the government is stressing that plans are at an early stage and it is still working on final proposals. Six million people a year are estimated to download files illegally in the UK.

“The content and proposals for the strategy have been significantly developed since then and a comprehensive plan to bolster the UK’s creative industries will be published shortly,” it added.

It’s pretty worrying I think; is the UK becoming a new home ground for the RIAA and MPAA? Much like the US, land of Digital Restrictions Management (DRM). I think intellectual property and copyright should be taken seriously.

But perhaps they should look at the quality of music and movies the ‘entertainment’ industry is producing, the amount they are charging and do a bit of introspection. If a movie is really good people WILL go to the cinema. If an album is good (not 2 good songs and 11 fillers) they will buy the original.

The BPI, the trade body that represents the UK record industry, said internet providers had “done little or nothing to address illegal downloading via their networks”.

“This is the number one issue for the creative industries in the digital age, and the government’s willingness to tackle it should be applauded,” said BPI chief executive Geoff Taylor.

“Now is not the time for ISPs to hide behind bogus privacy arguments, or claim the problem is too complicated or difficult to tackle.”

I’m sorry, but how is the ISP going to do packet inspection for every single packet traversing its network, then do some kind of hash check on a bunch of reassembled packets in a stream (only when it’s not encrypted, of course) to verify it is copyrighted content? You’d end up dropping people from their ISP because they are downloading the latest version of Ubuntu via a torrent.

Source: BBC News


Posted in: General News, Privacy



Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking



It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery), since we now have Russix and a new version of BackTrack is on the way.

Russix is a Slax-based wireless Live Linux. It has been designed to be light (circa 230 MB) and dedicated purely to wireless auditing.

It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an “Evil Tiny Twin” attack in less than 5, it will not let you become the latest version of Barclays Bank.

Russix evolved from an internal UK military wireless auditing tool (Debian-based) which Russ had developed while working for them as a penetration tester.

Russix is a free download for auditing. It scripts together several WLAN attacks and will allow the user to break a WEP key in about 6 keystrokes! It will not be modified by us to make it into a phishing tool as that would be evil.


It comprises a number of tools including aircrack-ng, cowpatty, asleap, nmap, wireshark and hydra, as well as scripted attacks to aid cracking WEP and WPA networks. Currently it only supports Atheros-based chipsets, and those of you lucky enough to own two Atheros cards will be able to use the scripted Evil Twin attack.

Interested in hearing any feedback you may have or improvements you can make.

You can download it here:

Built on 9th Dec 2007: Download latest version

Or read more here.


Posted in: Hacking Tools, Linux Hacking, Wireless Hacking



Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware



Once again the Apple iPhone has been unlocked by a determined youngster, the same one who was among the first to unlock it last year, winning himself a rather nice car and a few 8GB iPhones.

It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much done (he used a much higher range of registers than previously).

A teen hacker known for his deftness with iPhones has figured out how to unlock models running the latest firmware versions by cracking a protection that has frustrated hackers for weeks.

The breakthrough by George Hotz, aka Geohot, means people who have bought a recent iPhone will once again be able to use it on the phone network of their choice. Apple makes as much as $400 for every handset that’s activated on an approved network, so its developers have worked hard to prevent the so-called unlocking of iPhones.

A very smart young man indeed, just showing 1 person can indeed defeat the security of a huge multi-national billion dollar company.

And he’s done it twice.

The latest salvo was fired late last week, following a 24-hour hacking spree by Geohot that was broken up by only three hours of sleep. It turns out the latest firmware contained modifications to the device’s memory registers to prevent unlocking. Geohot worked around those changes by finding another, much higher register that was vulnerable.

“I guess Apple thought big numbers were harder to guess,” he wrote.

He then found a way to install his custom-built code by exploiting a flaw that allowed him to erase a range of memory addresses where security software is stored.

An amazing 27% of iPhones are running on unauthorized networks, which means they are cracked. Of course Apple will soon come out with a new firmware update that negates this problem... but then the game will just start all over again.

And no one doubts Geohot or someone like him will break it again.

If you want to know how to do it, check out the step-by-step instructions from iClarified here.

Source: The Register


Posted in: Apple, Exploits/Vulnerabilities, Programming
