Archive | November, 2008

FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

Cybertroopers storming your ship?


FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment

You can find an online map of Firecat v1.4 here.

Changes for version 1.4

Information Gathering (Enumeration and Fingerprinting)

  • Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target resources utilizing publicly available information

Security Auditing

  • Selenium IDE : Selenium is a test tool for web applications. Selenium tests run directly in a browser, just like real users do
  • RESTTest : Construct custom HTTP requests to directly test requests against a server. RESTTest uses the XmlHttpRequest object and allows you to simulate XHR to quickly prototype requests and test security problems. Designed specifically for working with REST sources, supporting all HTTP methods
  • Acunetix Firefox plugin: Read here a good review by Kev Orrey. Extension submitted by Kev Orrey from VulnerabilityAssessment

IT Security Related

  • Added Milw0rm Exploits Search

Fixes

  • Fixed HashMDTool link
  • Fixed OSVB extension link
  • Fixed US Homeland Security Threat link

You can download FireCAT v1.4 here:

FireCAT 1.4 Source (Zip – 4.6 kb)
FireCAT 1.4 Browsable HTML (Zip – 37.2 kb)
FireCAT 1.4 pdf (PDF – 186.3 kb)

You can actually wget all the tools from here:

http://phrack.fr/tools/FireCAT-1.4

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script
- Phishing Frenzy – E-mail Phishing Framework

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,968,570 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,384,350 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 673,721 views

Get 50% off your second year with our 2-year deal!


Spam Back on the Rise with Srizbi Resurrected

Cybertroopers storming your ship?


After McColo was partially disconnected from the Internet by it’s peers global spam dropped noticeably.

It seems however that the spam was emanating from a zombie network and the control servers were hosted by McColo, the creators of the botnet (Srizbi) were smart about it though and built a fail-safe system into the the malware.

It should be expected that spam will return to normal levels within a week or so.

On Nov. 11, the Internet servers used to control the Srizbi botnet were disconnected when a Web hosting firm identified by security experts as a major host of organizations engaged in spam activity was taken offline by its Internet providers.

Turns out, Srizbi’s authors had planned ahead for such a situation by building into each bot a fail-safe mechanism in case its master control servers were unavailable: A mathematical algorithm that generates a random but unique Web site domain name to check for new instructions and software updates.

With such a system in place, the malware authors can regain control over the bots merely by registering the Web site names that the infected machines are trying to visit and placing the instructions there.

It seems to be a pretty advanced piece of malware, it acts as a rootkit so it’s hard to remove, it’s has a Python mailing component which allows 3rd party access – this makes it very probably the botnet is ‘rented’ out to spam houses. It also pretty powerful on the network level as it can directly attach NDIS and TCP/IP drivers to its own process to hide network traffic it generates.

Some claim Srizbi is the largest botnet and is responsible for over half of the spam being produced globally, so this is a worrying turn of events.

According to FireEye, a security company in Milpitas, Calif., that has closely tracked the botnet’s actviity, a number of those rescue domains were registered Tuesday evening, apparenly directing at least 50,000 of the Srizbi-infected machines to receive new instructions and malicious software updates from servers in Estonia.

FireEye senior security researcher Alex Lanstein said he fully expects spam volumes to recover to their pre-Nov. 11 levels within a couple of days.

“Srizbi was the spam king,” Lanstein said. “And now it’s back.”

Seen as though the main activity is happening in Eastern Europe it seems unlikely anyone will be able to stop it and due to the very nature of botnets (completely distributed) IP blacklisting is futile as the mail could be coming from anywhere.

Anyhow it’ll be an interesting story to watch and I hope there are some new developments in taking these botnets out.

Source: Security Fix


Posted in: General News, Malware, Spammers & Scammers

Tags: , , , , , , , , , , , , ,

Posted in: General News, Malware, Spammers & Scammers | Add a Comment
Recent in General News:
- Teen Accused Of Hacking School To Change Grades
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords

Related Posts:

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,364 views
- eEye Launches 0-Day Exploit Tracker - 85,449 views
- Seattle Computer Security Expert Turns Tables On The Police - 43,604 views

Get 50% off your second year with our 2-year deal!


Browser Rider – Web Browser Exploitation Framework

Don't let your data go over to the Dark Side!


Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmaintained, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.

Features

  • Easily create powerful payloads and plugins
  • Manage payloads automatically with plugins
  • All data can be saved in a database
  • Obfuscation
  • Polymorphism
  • Control more than one zombie at a time
  • Simple administration panel

Requirements

  • PHP 5, with json installed
  • Mysql
  • Apache with url_rewrite on
  • Targets must have Javascript turned on

You can download Browser Rider here:

Browser Rider v20081124 (changelog)

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script
- Phishing Frenzy – E-mail Phishing Framework

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,968,570 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,384,350 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 673,721 views

Get 50% off your second year with our 2-year deal!


Julie Amero Spyware Case Finally Comes To An End

Cybertroopers storming your ship?


It’s a sad case when someone loses their career over an incident which was outside of their control, not everyone can be expected to keep their computers free of spyware and malware.

It just doesn’t happen.

Unfortunately for Julie Amero, she got some porn pop-ups at the wrong time in a class full of students. If you aren’t familiar with the case you can read the Wiki entry – State of Connecticut v. Julie Amero.

On Friday, prosecutors reached a plea agreement with the former Connecticut schoolteacher who at one time faced up to 40 years in prison after being convicted of endangering minors. The charges stemmed from a 2004 incident in which a computer loaded with spyware displayed pornography to her students.

State prosecutors dropped four felony charges of “risk of injury to a minor” against her, with Amero pleading guilty to a disorderly conduct misdemeanor, according to the Hartford Courant.

A jury convicted Amero of the felony charges in January 2007, but the presiding judge in the case, Hillary Strackbein, set aside that verdict five months later, essentially granting Amero a new trial.

It’s amazing that she could even face up to 40 year behind bars for this fairly simply and completely innocuous incident.

At least the sentence she got wasn’t too harsh, she did have her teaching privileges revoked however and this case has been hanging over her for the past 4 years – which can’t have been good for her either.

Amero will pay a US$100 charge and have her Connecticut teaching credentials revoked, said Sunbelt Software CEO Alex Eckelberry, who led the team of computer investigators that analyzed the school’s computer and concluded that Amero was innocent.

“The stress of this thing,… it just totally freaked her out,” Eckelberry said Friday. “For four years she’s been sitting there with this thing hanging over her.”

“It’s disappointing that it wasn’t dropped, but on the other hand I’m happy she got her life back,” he added.

Amero had become a cause celebre to computer security professionals who argued that she was an innocent victim of spyware programs that took control of a poorly configured computer on Oct. 19, 2004, at Kelly Middle School in Norwich, Connecticut, where Amero had been a substitute teacher.

I hope it hasn’t detrimentally effected her psychologically and she can now get back to her life and pursuing some other kind of non-teaching career.

You can read Julie Amero’s blog here, which has some additional info about her story.

Sometimes it makes you wonder who the legal system is meant to protect, doesn’t it?

Source: Network World


Posted in: Legal Issues, Malware

Tags: , , , , , , ,

Posted in: Legal Issues, Malware | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,681 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,581 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,592 views

Get 50% off your second year with our 2-year deal!


ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool

Cybertroopers storming your ship?


ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

ike-scan allows you to:

  • Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN detection, when you may need to scan large address spaces.)
  • Construct the outgoing IKE packet in a flexible way. (This includes IKE packets which do not comply with the RFC requirements.)
  • Decode and display any returned packets.
  • Crack aggressive mode pre-shared keys. (You can use ike-scan to obtain the PSK hash data, and then use psk-crack to obtain the key.)

You can read more in depth about ike-scan and how to use it – in the User Guide.

ike-scan is free software, licensed under the GPL. It runs on Windows, Linux and most Unix systems. If you don’t already have ike-scan installed on your system, read the installation guide.

You can download ike-scan 1.9 here:

Source distribution: ike-scan-1.9.tar.gz
Windows binary: ike-scan-win32-1.9.zip

Older versions of ike-scan

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script
- Phishing Frenzy – E-mail Phishing Framework

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,968,570 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,384,350 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 673,721 views

Get 50% off your second year with our 2-year deal!


Dshocker AKA Aush0k Hacker Pleads Guilty to Computer Felonies

Don't let your data go over to the Dark Side!


Another teen hacker in the news, this guy looks like he has some formidable skills though with the list of crimes he’s perpetrated.

He’s pleaded guilty though, so he should get a reduced sentence and he’s still classified as a juvenile offender being only 17 – so that works in his favour too.

A juvenile hacker with a reputation for stirring up trouble in online gaming groups has admitted to multiple computer felonies, including cyber attacks that overwhelmed his victims with massive amounts of data and the placing of hoax emergency phone calls that elicited visits by heavily armed police teams.

Known by the online handle of Dshocker, the 17-year-old Massachusetts hacker also admitted he breached multiple corporate computer systems, called in bomb threats and engaged in credit card fraud. The defendant, who was identified only by the initials N.H., pleaded guilty to charges in court documents that included one count each of computer fraud and interstate threats and four counts of wire fraud.

Dshocker is best known in hacker and gaming circles as the miscreant said to have perpetrated a series of attacks on members of myg0t, an online confederation dedicated to cheating and disrupting play in online games such as Counter Strike. He also unleashed attacks on other well-known hackers, according to online accounts.

It seems like he’s mixed up in some pretty dodgy online communities and has quite a number of people who have grudges against him.

I think he stepped off the mark a bit when he got engaged in credit card fraud – that’s a really dangerous business and serious if you get caught (which he has unfortunately for him).

To fool police, Dshocker spoofed his phone number so it appeared to originate from a victim who was located thousands of miles away. He obtained the victims’ numbers and addresses by breaking into the computer systems of their internet service providers and accessing subscriber records. Charter Communications, Road Runner, and Comcast are among the ISPs he broke into.

One call falsely reporting a violent crime in progress was made in March to the police department in Seattle. Another in April was made to police in Roswell, Georgia. Both calls originated from a phone located in Dshocker’s home town of Worcester, Massachusetts. He also phoned in a false bomb threat at one school and the presence of an armed gunman at another.

Dshocker didn’t limit his illegal hacking to settling grudges with fellow gamers. From 2005 to earlier this year, he used stolen credit card information to make fraudulent purchases. He also managed to gain free internet access by stealing proprietary software from a large, unnamed electronics company and then using it to modify his cable modem.

He was involved with phone number spoofing too and prank calls about bombs and gunmen. He was also perpetrating all these crimes over free Internet which he’d jacked by stealing the cable modem software.

Apparently he’ll get 11-month sentence of juvenile detention, which could have been 10 years if he was tried as an adult.

Source: The Register


Posted in: General Hacking, Legal Issues

Tags: , , , , , , , , , , , ,

Posted in: General Hacking, Legal Issues | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,167,328 views
- Hack Tools/Exploits - 620,418 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 431,830 views

Get 50% off your second year with our 2-year deal!


Microsoft Security Assessment Tool – Free for Windows

Don't let your data go over to the Dark Side!


The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks. MSAT is an easy, cost-effective way to begin strengthening the security of your computing environment and your business. Begin the process by taking a snapshot of your current security state, and then use MSAT to continuously monitor your infrastructure’s ability to respond to security threats

Understanding Your Risks

MSAT is designed to help you identify and address security risks in your IT environment. The tool employs a holistic approach to measuring your security posture and covers topics including people, process, and technology.

MSAT provides:

  • Easy to use, comprehensive, and continuous security awareness
  • A defense-in-depth framework with industry comparative analysis
  • Detailed, ongoing reporting comparing your baseline to your progress
  • Proven recommendations and prioritized activities to improve security
  • Structured Microsoft and industry guidance

MSAT consists of over 200 questions covering infrastructure, applications, operations, and people. The questions, associated answers, and recommendations are derived from commonly accepted best practices, standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from the Microsoft Trustworthy Computing Group and other external security sources.

You can download MSAT here:

MSATEnglish 4.0

Or read more here.


Posted in: Countermeasures, Security Software, Windows Hacking

Tags: , , , , , , , , ,

Posted in: Countermeasures, Security Software, Windows Hacking | Add a Comment
Recent in Countermeasures:
- PEiD – Detect PE Packers, Cryptors & Compilers
- NAXSI – Open-Source WAF For Nginx
- Defence In Depth For Web Applications

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,978 views
- Password Hasher Firefox Extension - 117,683 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,695 views

Get 50% off your second year with our 2-year deal!


Spam ISP McColo Cut Off From the Internet

Don't let your data go over to the Dark Side!


You might recall we reported a while ago about ‘spam friendly’ ISP Intercage coming back online after having their plug pulled by upstream provider UnitedLayer.

They pledged to clean up their act though and drop their biggest client who was an Eastern European malware and phishing host.

This time another ISP has been suspected of hosting sites that partake in online crime, child pornography and phishing scams.

A U.S. Internet service provider suspected of aiding cybercriminals in online scams and hosting child pornography was at least partially cut off from the Internet on Tuesday night.

The ISP (Internet service provider), McColo, had been under the watchful eye of computer security analysts for years. It is one of a handful of so-called “bulletproof” hosting providers that provide safe haven online for cybercriminals selling Viagra and fake security software.

ISPs can connect with each other to exchange Internet traffic, a practice known as “peering.” Hurricane Electric, an ISP that carried a portion of McColo’s traffic, disconnected with McColo on Tuesday night. Global Crossing, an IP (Internet Protocol) network services provider also connected to McColo would not comment.

Any hosting provider that offers ‘bulletproof’ services rings alarm bells for me as that usually means they are willing to hide spammers/scammers and malware propagation as long as you keep paying the bills.

2 of their Internet peers have already disconnected them, you can see an interesting freemind map of some of the sites and activity they were linked to here.

The whole article can be found here: A Closer Look at McColo

The shutdown coincides with a damming new report authored by several computer security researchers who detail how McColo and other questionable service providers are linked to spam and cybercrime.

McColo’s shutdown “demonstrates that when presented with appropriate evidence of criminal activity, the Internet community can bring about the positive forces necessary to purge it,” the analysts wrote.

McColo, whose servers were located within the U.S., at one time hosted up to 40 Web sites with child pornography, the report said.

McColo also played a big role in spam distribution, said Richard Cox, CIO of Spamhaus, which tracks spamming operations. It hosted Web sites that could infect people’s computers with malicious software used for sending spam, he said.

Apparently there has been a noticeable drop in spam after McColo has been partially cut off from the Internet. There have been reports that a 60-75% reduction in overall spam has been measured after 2 of the McColo peers dropped them meaning the majority of their sites are unreachable.

That’s a huge amount coming from 1 ISP! I hope the other culprits in hosting such sites can be found and disconnected dropping the spam percentage to something that is easy for everyone to deal with.

Source: Network World


Posted in: Legal Issues, Spammers & Scammers

Tags: , , , , , , , , , , , ,

Posted in: Legal Issues, Spammers & Scammers | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,681 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,581 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,592 views

Get 50% off your second year with our 2-year deal!


Maltego – Forensics and Intelligence Application & Information Gathering Tool

Cybertroopers storming your ship?


Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.

Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics, security and intelligence fields!

Maltego offers the user with unprecedented information. Information is leverage.

What does Maltego do?

Maltego is a program that can be used to determine the relationships and real world links between:

  • People
  • Groups of people (social networks)
  • Companies
  • Organizations
  • Web sites
  • Internet infrastructure such as: Domains, DNS Names, Netblocks and IP Addresses
  • Phrases
  • Affiliations
  • Documents and files

These entities are linked using open source intelligence.

  • Maltego is easy and quick to install – it uses Java, so it runs on Windows, Mac and Linux.
  • Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate – making it possible to see hidden connections.
  • Using the graphical user interface (GUI) you can see relationships easily – even if they are three or four degrees of separation away.
  • Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements.

Limitations

The Community Edition is limited in the following ways:

  • A 15second nag screen
  • Save and Export has been disabled
  • Limited zoom levels
  • Can only run transforms on a single entity at a time
  • Cannot copy and paste text from detailed view
  • Transforms limited to 75 per day
  • Throttled client to TAS communication

Check out the User Guide here.

You can download Maltego Community Edition here:

Maltego CE – Linux
Maltego CE – Windows

Or read more here.


Posted in: Forensics, Security Software

Tags: , , , , , , , , ,

Posted in: Forensics, Security Software | Add a Comment
Recent in Forensics:
- FastIR Collector – Windows Incident Response Tool
- Rekall – Memory Forensic Framework
- DAMM – Differential Analysis of Malware in Memory

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,325 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 33,893 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 27,783 views

Get 50% off your second year with our 2-year deal!


Express Scripts Offers $1million Reward for Cyber Extortionists

Cybertroopers storming your ship?


This is an interesting story, I’ll be watching how it develops – it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!

That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.

I really wonder where this will lead.

A US-based prescription processing and benefits firm has taken the unusual step of offering a $1m bounty for information that leads to the arrest and conviction of an unknown group which targeted it in a cyber-extortion scam.

Express Scripts went public last week with news that it received personal details on 75 end users including, in some cases, prescription data. Blackmailers threatened to expose millions of records they claimed were in their possession unless the firm paid up.

The cyber-extortionists responded to a refusal to pay up by moving onto the customers of Express Scripts with similar threats, sent in letters to these various organisations. Express Scripts responded on Tuesday by upping the ante and offering a $1m reward for information that put the unidentified miscreants behind bars

Also in situations like this you have to bear in mind the terms and conditions, the reward actually requires that legal action be taken against the criminals and not just their identity known.

Imagine if they are in a country that has no extradition laws or doesn’t have good relations with the US.

In a related move, Express Scripts offered identity restoration services to anyone who becomes a victim of identity theft as a result of its security breach. It has set up a website to provide information to its members – insurance carriers, employers, unions and the like who run health benefit plans – to provide support at esisupports.com. It has also has hired risk consulting firm Kroll to help its members.

The cause of the breach that led to the data leak and the extent of the compromise are still under investigation. Beyond saying it “deploys a variety of security systems designed to protect their members’ personal information from unauthorized access”, Express Scripts (which handles a reported 50 million prescriptions a year) has said little about the breach or how it intends to prevent a repetition.

As well as posting a reward, Express Scripts has called in the FBI in its attempts to bring the blackmailers threatening its business to book. Anyone with information on that threats is advised to contact the FBI on 800-CALL-FBI. ®

It’s interesting that the whole issue of how the data integrity was comprised and what happened exactly to expose the customer details.

Perhaps the whole thing is a PR management exercise to divert attention away from the real issues, they may have issued the reward in safe knowledge the people involved will never be served justice.

But then that’s just me being a skeptic.

Source: The Register


Posted in: General Hacking, Legal Issues, Privacy

Tags: , , , , , , ,

Posted in: General Hacking, Legal Issues, Privacy | Add a Comment
Recent in General Hacking:
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS
- Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,167,328 views
- Hack Tools/Exploits - 620,418 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 431,830 views

Get 50% off your second year with our 2-year deal!