Archive | April, 2008

Hackers Could Become The Hacked?

Your website & network are Hackable


It looks like someone is going after the bad guys in a new way, by hacking them back! It’s no news to us that many hacking tools and script kiddy trojan kits are badly programmed..a lot of them have back-doors and the client-side tools have easy exploits that enable you to take over the ‘hackers’ machine.

It’s certainly an interesting approach.

Eriksson, a researcher at the Swedish security firm Bitsec, uses reverse-engineering tools to find remotely exploitable security holes in hacking software. In particular, he targets the client-side applications intruders use to control Trojan horses from afar, finding vulnerabilities that would let him upload his own rogue software to intruders’ machines.

He demoed the technique publicly for the first time at the RSA conference Friday.

“Most malware authors are not the most careful programmers,” Eriksson said. “They may be good, but they are not the most careful about security.”

He’s turned his attention to quite a few of the more popular pieces of mass-distributed malware and found holes in all of them. Those labeled as Remote Administration Tools (RATs) were extremely popular back in the days when Back Orifice, Netbus and Deepthroat first hit the scene. They are still used nowadays but there are newer variants.

Eriksson first attempted the technique in 2006 with Bifrost 1.1, a piece of free hackware released publicly in 2005. Like many so-called remote administration tools, or RATs, the package includes a server component that turns a compromised machine into a marionette, and a convenient GUI client that the hacker runs on his own computer to pull the hacked PC’s strings.

Pcshare_2Using traditional software attack tools, Eriksson first figured out how to make the GUI software crash by sending it random commands, and then found a heap overflow bug that allowed him to install his own software on the hacker’s machine.

The Bifrost hack was particularly simple since the client software trusted that any communication to it from a host was a response to a request the client had made. When version 1.2 came out in 2007, the hole seemed to be patched, but Eriksson soon discovered it was just slightly hidden.

It’ll be interesting to see what else he comes up with and if he can break into any of the big botnets like Storm or Kraken using this method.

That would certainly herald some interesting news.

Source: Wired Blog and thanks to Pantagruel for the heads up.


Posted in: Exploits/Vulnerabilities, Malware

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Malware | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,729 views
- AJAX: Is your application secure enough? - 120,086 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


sqlninja 0.2.2 Released for Download – SQL Injection Tool

Your website & network are Hackable


Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

It is written in Perl, it is released under the GPLv2 and so far has been successfully tested on:

  • Linux
  • FreeBSD
  • Mac OS X

Features

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, authentication mode)
  • Bruteforce of ‘sa’ password, both dictionary-based and incremental
  • Privilege escalation to ‘sa’ if its password has been found
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of netcat.exe (or any other executable) using only 100% ASCII GET/POST requests, so no need for FTP connections
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames

What’s new

  • Evasion techniques, in order to obfuscate the injected code and confuse/bypass signature-based IPS and application firewalls
  • A more sophisticated upload module
  • A new ‘blind execution’ attack mode, useful to issue commands and performs diagnostics when other modes fail
  • Automatic URL-encoding now is performed only on sqlninja generated SQL code, giving the user a more granular control on the exploit strings

You can download Sqlninja 0.2.2 here:

sqlninja-0.2.2.tgz

Or read more here.


Posted in: Database Hacking, Hacking Tools

Tags: , , , , , , , , , , ,

Posted in: Database Hacking, Hacking Tools | Add a Comment
Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 76,379 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,382 views
- SQLBrute – SQL Injection Brute Force Tool - 40,914 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Keep on Fuzzing! Advice

Your website & network are Hackable


As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too.

Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are tools for Web Services Fuzzing, Web Application Fuzzing and XML Fuzzing.

“Fuzzing has been a round a while – but we are seeing it becoming much higher profile now. Everyone wants it although they don’t necessarily understand it,” principal security consultant for Leviathan Security Michael Eddington told Reg Dev ahead of his RSA presentation.

Eddington hopes to give RSA attendees a better grasp of fuzzing. The top line is fuzzing needs to be factored into the development lifecycle along with other security tests. “The advantage of fuzzing is that it gets round the problem of making assumptions in testing – it stops us being too smart and missing the obvious,” Eddington said.

People are getting more interested in fuzzing and as with penetration testing I’m sure there will be more and more service requests for fuzzing even though people aren’t really sure what it means. The same went for SQL Injection and XSS attacks over the past couple of years.

“Fuzzing is useful for finding bugs in bad code. The number-one mistake application developers make in testing is that they expect data to arrive in a certain order and fuzzing can get round this. But the trick is to know when to stop fuzzing and how to move on to other techniques such as static analysis,” he said.

Chess advocates established code-coverage metrics – such as statement coverage – to work out when fuzzing has done its job. “Once the code-coverage metric has flattened out you know that its time to move on to other test methods. It’s important to find the balance between dynamic-testing techniques like fuzzing and static analysis,” Chess said.

I agree that fuzzing is certainly a faster way of analyzing code and looking for problems and bugs, code auditing takes a very very long time and is extremely tedious.

Breaking apps from the outside is far less hands on but will still show up the same problems. As mentioned in the article though there is still a place for static analysis.

Source: The Register


Posted in: Exploits/Vulnerabilities, Programming

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Programming | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,729 views
- AJAX: Is your application secure enough? - 120,086 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


WSGW – Web Security Gateway for Secure Apache

Find your website's Achilles' Heel


The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software.

The Web Security Gateway provides a configurable caching, authentication, input validation, and IDS / IPS layer for web applications. It can be placed in front of diverse web environments, and is capable of protecting almost any web application, without modifications to the code running on the protected app.

Architecture

The concept of the WSGW is simple.

With Apache2, mod_filter and the integration of PCRE have made Apache extremely flexible as a content-aware application platform. Since Apache also has extensive support for proxying, it’s possible to create a front-end proxy that inspects, validates, and rewrites application content.

The WSGW can fill the gap for applications missing input validation layers, and give website administrators a first line of defense for both known and emerging attacks on web applications.

Since the WSGW will be the front-end for web traffic in a web environment, it’s also possible to integrate authentication, traffic reporting, SSL, and load balancing.

Shawn Moyer presented a talk on the WSGW concept at BlackHat USA 2006. The talk gives an overview of some of the ideas that led to the WSGW concept, and some configuration examples. You can download a copy of the talk here.

You can download WSGW here [PDF].

Initial build (bzip2)
Initial build (tar.gz)

Or read more here.


Posted in: Countermeasures, Web Hacking

Tags: , , , , , , , , , , , ,

Posted in: Countermeasures, Web Hacking | Add a Comment
Recent in Countermeasures:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,086 views
- Password Hasher Firefox Extension - 117,772 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,723 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

Your website & network are Hackable


It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services.

It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!.

The growing abuse of webmail services to send spam has led anti-spam services to throttle messages from Gmail and Yahoo!

Over recent months security firms have reported that the Windows Live CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by Hotmail, and the equivalent system at Gmail, have been broken by automated attacks.

CAPTCHAs typically help ensure that online accounts can’t be created until a user correctly identifies letters depicted in an image. The tactic is designed to frustrate the use of automated sign-up tools by spammers and other miscreants.

Obtaining a working Gmail account has a number of advantages for spammers. As well as gaining access to Google’s services in general, spammers receive an address whose domain is highly unlikely to be blacklisted, helping them defeat one aspect of anti-spam defences. Gmail also has the benefit of being free to use.

I think we are only going to see the percentages go up as spammers find it’s more effective to send their junk from web based email services. Now they can ship out the CAPTCHA breaking to sweatshops in India for peanuts, it’s a good solution to a lot of the problems they face when sending bulk mail.

An analysis of spam trends in February 2008 (the last available monthly figures) by MessageLabs revealed that 4.6 per cent of all spam originates from web mail-based services.

The proportion of spam from Gmail increased two-fold from 1.3 per cent in January to 2.6 per cent in February, most of which spamvertised skin-flick websites. Yahoo! Mail was the most abused web mail service, responsible for sending 88.7 per cent of all web mail-based spam.

It was first thought that automated tools were used by spammers to defeat security checks and establish webmail accounts that might later be abused to send junk. More organisations are coming around to the theory, first floated by Brad Taylor, a Google software engineer, that bots are signing-up for accounts before sending the puzzles to real people.

It costs them as little as $4 a day to hire someone to break CAPTCHAs from the webmail sites. It’s a known fact they are making huge amounts of money so this is a small payout for them to ensure more mail gets past traditional spam filters.

Source: The Register


Posted in: Exploits/Vulnerabilities, Spammers & Scammers

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Spammers & Scammers | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,729 views
- AJAX: Is your application secure enough? - 120,086 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Your website & network are Hackable


A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources that are not publically linked such as directories & files, it can bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), it can also bruteforce forms parameters (User/Password) and carry out general Fuzzing,etc.

Functions

  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • Many Encodings (random_upper, urlencode, sHA1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode etc)
  • Cookies fuzzing
  • Multi-threading
  • Proxy support
  • Multiple FUZZ capability with multiple dictionaries
  • Authentication support (NTLM, Digest, Basic)
  • All parameter bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.

You can download wfuzz v1.4 here:

Wfuzz 1.4 – Source (20/01/2008)
Wfuzz 1.4b – Windows binary (17/02/2008)

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,699 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,418,413 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,678 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Kraken Botnet Twice The Size Of Storm

Your website & network are Hackable


We wrote a while back about a new wave of sophisticated botnets, which were predicted to overtake Storm and become the largest infectors online.

It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which is more than double that of storm.

Imagine the kind of traffic that could produce in a concentrated DDoS attack?

Researches have unearthed what they say is the biggest botnet ever. It comprises over 400,000 infected machines, more than twice the size of Storm, which was previously believed to be the largest zombie network.

Machines from at least 50 Fortune 500 companies have been observed to be running the malicious software that’s at the heart of “Kraken,” the botnet that security firm Damballa has been tracking for the last few weeks. So far, only about 20 percent of the anti-virus products out there are detecting the malware. Just as a con artist might throw off detectives by changing his hair color or other physical characteristics, Kraken’s ability to morph its code base has allowed it to evade the majority of malware detectors.

“Kraken, despite being on all these people’s computers, has such low anti-virus coverage,” said Paul Royal, principal researcher at Atlanta-based Damballa. “Anti-virus companies can’t keep up with the arms race because of the number of variants and the frequency of the updates.”

It’s a sad fact that only 20% of AV products actually detect the malware part of the infection. Kraken morphs its’ codebase which certainly makes it more difficult to recognise. It’s also frequently updated and seem to evade even the more advanced security protection that companies use like firewalls with AV capability, IDS and IPS.

Kraken’s primary activity is sending spam that advertises high-interest loans, male-enhancement techniques, fake designer watches and gambling opportunities. Damballa has observed as many as 500,000 pieces of junk mail being sent from a single zombie.

Estimates have varied wildly for the number of bots belonging to the Storm network. While some researchers have said millions of machines have been compromised, MessageLabs in February put the number of nodes at just 85,000. Whatever the number – Damballa estimates Storm has 200,000 victim – it was believed to be the biggest.

Until now, that is. It has clearly been eclipsed by Kraken, which on March 25 was observed to have compromised 409,912 unique IP addresses during a 24-hour period. Royal predicted the number will grow to more than 600,000 in the next two weeks.

It’s sending out a scary amount of spam…with 500,000 being sent from a single IP and there being 400,000 unique IPs in the network, that’s a hell of a lot of junk mail that can be sent out in one day.

It seems like the guys doing this have a lot to gain financially so they are getting more and more advanced, more for us to fight against eh?

Source: The Register


Posted in: Malware, Spammers & Scammers

Tags: , , , , , , , , ,

Posted in: Malware, Spammers & Scammers | Add a Comment
Recent in Malware:
- movfuscator – Compile Into ONLY mov Instructions
- MISP – Malware Information Sharing Platform
- PEiD – Detect PE Packers, Cryptors & Compilers

Related Posts:

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,488 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,617 views
- US considers banning DRM rootkits – Sony BMG - 44,982 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


March Commenter of the Month Competition Winner!

Your website & network are Hackable


Competition time again!

As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it’s been running since then! We have just finished the tenth month of the competition in March and are now in the eleventh, starting a few days ago on April 1st – Sponsored by GFI.

We are offering some pretty cool prizes like iPods and PSPs (or similar), along with cool GFI merchandise like shirts, keyrings and mugs.

And now the winner will also get a copy of the Ethical Hacker Kit.

GFI Goodies

Keep up the great comments and high quality interaction, we really enjoy reading your discussions and feedback.

Just to remind you of the added perks, by being one of the top 5 commenter’s you also have your name and chosen link displayed on the sidebar of every page of Darknet, with a high PR5 (close to 6) on most pages (4000+ spidered by Google).

So announcing the winner for March…it’s Pantagruel! It was pretty close between Pantagruel and zupakomputer at the end of the month with a difference of only 4 comments!

Pantagruel I did say I thought it was your turn this month! I was right.

Commenter March

March was a little slower than February, but was still a good month for discussions. I’d like to thank you all for your participation! I hope it keeps getting better as 2008 develops with more interesting news and tools. Keep up the excellent discussions, it’s very interesting reading especially on some of the more controversial topics.

Thanks to everyone else who commented and thanks for your links and mentions around the blogosphere!

Feel free to share Darknet with everyone you know :)

Keep commenting guys, and stand to win a prize for the month of April!

We are still waiting for pictures from backbone, Sandeep and TRDQ, dirty and dre, eM3rC (we can’t reach you to deliver the prizes), Sir Henry and goodpeople of themselves with their prizes!

Winner for June 2007 was Daniel with 35 comments.
Winner for July 2007 was backbone with 46 comments.
Winner for August 2007 was TheRealDonQuixote with 53 comments.
Winner for September 2007 was Sandeep Nain with 32 comments.
Winner for October 2007 was dre with 19 comments.
Winner for November 2007 was dirty with 38 comments.
Winner for December 2007 was Sir Henry with 84 comments.
Winner for January 2008 was goodpeople with 66 comments.
Winner for February 2008 was eM3rC with 122 comments.


Posted in: Site News

Tags: , , , , , , , , , , ,

Posted in: Site News | Add a Comment
Recent in Site News:
- A Look Back At 2015 – Tools & News Highlights
- A Look Back At 2014 – Tools & News Highlights
- Yes – We Now Have A Facebook Page – So Please Like It!

Related Posts:

Most Read in Site News:
- Welcome to Darknet – The REBIRTH - 36,584 views
- Get the ball rollin’ - 18,999 views
- Slashdot Effect vs Digg Effect Traffic Report - 12,256 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


ProxyStrike – Active Web Application Proxy

Find your website's Achilles' Heel


ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so ProxyStrike was born.

Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as they can, it’s that why the SQL Injection module is a Python port of the great “SQLibf“.

The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.

Features:

  • HTTP request/response history
  • Request parameter stats
  • Request parameter values stats
  • Request URL parameter signing and header field signing
  • Use of an alternate proxy (tor for example)
  • SQL attacks
  • XSS attacks
  • Export results to HTML or XML
  • Console version (python proxystrike.py -c / proxystrike.exe -c)

You can download ProxyStrike here:

ProxyStrike v1.0 (Windows) (26/03/2008)
ProxyStrike v1.0 (Linux/OSX) (26/03/2008)

Or read more here.


Posted in: Hacking Tools, Network Hacking, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,699 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,418,413 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,678 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Biometric Keylogger Can Grab Fingerprints

Find your website's Achilles' Heel


Well this is quite scary as biometrics are touted as the ultimate in security and two factor authentication with biometrics is about as ‘heavy’ as most places get.

The fact that the biometric data can be ‘sniffed’ reconstructed and re-used…is worrying to say the least. Do any of you have biometric measures in your workplace?

A British researcher has developed a biometric keylogger of sorts that can capture fingerprints required to unlock building doors or gain access to computer networks or other restricted systems.

For now, the Biologger is a proof-of-concept aimed at showing the insecurity of many biometric systems, according to Matthew Lewis, who demonstrated the tool at last month’s Black Hat Amsterdam conference. But the researcher, who works for Information Risk Management, warns the attack could become commonplace if current practices don’t change and could be used to log images of retinas, facial features and any other physical characteristics used by biometric systems.

“Biometric device manufacturers and system integrators cannot rely on security through obscurity alone for the overall security of their devices and systems,” he writes in this white paper (PDF). “Without adequate protection of the confidentiality, integrity and availability of biometric access control devices and their data, the threat of “Biologging” activities within those enterprises employing such access controls is real.”

An interesting read, and yes it seems ‘biologging’ is a real threat. A lot of these system designers and integrators/implementers don’t really have a grip on architecture security.

They just assume biometrics = safe and disregard how it’s implement, how safe the data is, how it’s stored and what state it’s in during transit (unencrypted?).

Lewis was also able to issue commands to the access control device that enabled him to unlock doors and add new users with full administrative rights without presenting a fingerprint. That’s because the device needed a single 8-byte message that passed over the network in plaintext. Although he was never able to crack a 2-byte checksum used for issuance of each message, he was able to overcome this limitation by taking a brute-force approach, in which every possible combination of checksums was used.

There are other limitations to Lewis’s attack. For one, it requires attackers to have privileged access to the network connecting the access point to the server. Another is that the traffic was transmitted using the user datagram protocol, which rendered the brute-force attempts “not 100% reliable.”

But his point seems to be that, just as best practices require that passwords are never stored in the clear, fingerprints and other biometric data should likewise be encrypted. Architects designing the next generation of biometric systems, are you listening?

I hope they are listening, and they sort it out!

Source: The Register


Posted in: Exploits/Vulnerabilities, Hardware Hacking

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,729 views
- AJAX: Is your application secure enough? - 120,086 views
- eEye Launches 0-Day Exploit Tracker - 85,535 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95