Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

29 September 2006 | 8,654 views

Google Eavesdropping Software

Cyber Raptors Hunting Your Data?

This is a little scary, intensely personal ads which to be frank are getting a little invasive as it is..It’s like the part in minority report where the billboards scan your eyes and talk to you using your name and history of purchases.

It looks like it might be happening sooner than we think.

The first thing that came out of our mouths when we heard that Google is working on a system that listens to what’s on your TV playing in the background, and then serves you relevant adverts, was “that’s cool, but dangerous”.

The idea appeared in Technology Review citing Peter Norvig, director of research at Google, who says these ideas will show up eventually in real Google products – sooner rather than later.

The idea is to use the existing PC microphone to listen to whatever is heard in the background, be it music, your phone going off or the TV turned down. The PC then identifies it, using fingerprinting, and then shows you relevant content, whether that’s adverts or search results, or a chat room on the subject.

Being a hacker at heart..I don’t trust ANYONE or ANYTHING when they say it’s secure, it can’t be broken, it’ll be kept away from prying eyes, as well…we all know whatever can be made can be broken one way or another right?

Pretty soon the security industry is going to find a way to hijack the Google feed and use it for full on espionage.

Google says that its fingerprinting technology makes it impossible for the company (or anyone else) to eavesdrop on other sounds in the room, such as personal conversations, because the conversion to a fingerprint is made on the PC, and a fingerprint can’t be reversed, as it’s only an identity.

But we should think that “spyware” might take on an extra meaning if someone less scrupulous decided on a similar piece of software.

Anyone else thinking “Yah right?”.

Source: The Register

Advertisements



28 September 2006 | 9,653 views

Security Compass Web Application Analysis Tool – SWAAT

Announcing a new web application source code analysis tool called the Securitycompass Web Application Analysis Tool or SWAAT.

You may know it as a static analysis tool.

Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages:

  • Java and JSP
  • ASP.Net
  • PHP

Using xml-based signature files, it searches for common functions and expression which may lead to exploits. We believe that this tool will help you in your ongoing source code analysis efforts.

Please visit Security Compass to download SWAAT. Future releases of SWAAT would include plugins into popular IDEs such as Visual Studio .NET and Eclipse.

As the tool is still new, Security Compass appreciates any comments you have in functionality and desired features. Please send any feedback to swaat -at securitycompass.com.

The direct link to download SWAAT is HERE.


27 September 2006 | 29,872 views

Super Mega Wi-Fi Hacking Machine – Janus Project

Apart from the fact Janus is almost like Anus this is a very cool project.

Seriously this is really geeky stuff, but super cool.

If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the “Janus Project”, the computer also has a unique “Instant Off” switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn’t ver busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.

Sounds cool eh!

Janus Project

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, “When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes.” However, he added that some retail wireless access points will “just die” after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an “Instant Off” switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Source: TG Daily


26 September 2006 | 9,371 views

Nerdcore Hits the Streets – Geek Music for the Masses

Something a little off-topic for once, nerdcore is getting big!

Geek music is hitting the streets.

Gangsta is dead. Grime is a bore. There’s a new beat on the street and it’s called Nerdcore. This geeky hip hop subgenre, also dubbed CS rap (that’s computer science, yo!), is finally booting up with the release of Rhyme Torrents, a compilation featuring the work of more than 50 men and even a few ladies who bust rhymes (and C++ code). The collection is free online, so none of the artists make bank.

Check it out yo!

Like all true playa MCs, they did it for the street cred. Of course, in the CS rap arena that means a Wikipedia entry, and you can’t get one of those without an official album release. Here are a few of the overclocked hustlas you can find at nerdcorehiphop.org.

What are you waiting for, head to http://www.bedoper.com/nerdcore/ and grab some geeksta rap tunes now!

Source: Wired


25 September 2006 | 17,324 views

FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability

A useful tool for anyone working with PHP applications.

DESCRIPTION
————
FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. Is scans PHP files mapping PHP/HTTP variables and then performs a security audit,in order to find out which of them are exploitable.

USAGE
——
php fis.php [local file] [remote file] [remote FIS ID file]

[local file]
————–
The local copy of the PHP source file used by FIS to map the variables for the audit.

[remote file]
————–
The remote copy of the source executed by a remote webserver, the file we will audit.

[remote FIS ID file]
———————-
The FIS ID file is used to check whether a variable is exploitable or not. It contains PHP code that simply echoes a unique MD5 hash used for identification.

INTENDED AUDIENCE
——————
FIS is intended to be used by penetration testers, not script kidies nor malicious users. It creates a lot of noise on the remote host and can be easily discovered with a simple glance at
the webserver logs, which makes it useless as a cracking tool.

FEATURES
———
FIS, currently, supports audits using only GET requests. COOKIE & POST support is not yet implemented.

LOGGING
———
FIS automatically logs extra audit information in “fis.log” in the working directory.

FIS Website

You can download FIS directly here.


24 September 2006 | 6,601 views

Most Damaging Computer Attacks Rely on Stolen Logins

A sterling case for two factor authentication if I ever saw one.

The rule is use two of the 3 methods of authentication, if possible use all 3.

  1. What you have (A USB key or Token)
  2. What you are (Biometrics – Fingerprint or Iris scan)
  3. What you know (A password or passphrase)

More than 8 out of every 10 computer attacks against businesses could be stopped if enterprises checked the identity of not only the user, but also the machine logging onto its network, a report released Monday claimed.

The study, conducted by a California research firm and paid for by BIOS maker Phoenix Technologies, used data from cases prosecuted by federal authorities between 1999 and 2006 to reach its conclusions.

“We wanted to get an honest viewpoint that wasn’t opinion- or survey-based,” said Dirck Schou, the senior director of security solutions at Phoenix. The problem with acquiring data on computer attacks, including the amount of damage done, is that companies are often hesitant to admit to a breach. “That’s the beauty of this [data],” said Schou. “It’s only looking at those who have actually suffered an attack.”

Their point of view is implementing checking of the physical machine, or perhaps logically checking that it should be part of the network? Some unique ID for each machine generated from hashes of the parts perhaps.

According to the report, attacks based on logging in with stolen or hijacked credentials cost businesses far more, on average, than the typical worm or virus assault. When a privileged account is penetrated by an unauthorized user, the average damage runs to $1.5 million, the report said. The average cost from a single virus attack was much smaller: under $2,400.

“Cyber criminals who accessed privileged accounts obtained IDs and passwords through many means,” the report said. “Network sniffing, use of password cracking programs, and collusion with insiders. It was also common for employees to share their IDs and passwords with coworkers who later left the organization and used that knowledge to gain access.”

All common and fairly easy methods, perhaps it’s time people really took some effort to understand information security and the issues at hand.

Source: Information Week


22 September 2006 | 5,290 views

SIFT Web Method Search Tool

SIFT has just published a world-first tool for identifying rogue web methods. The Web Method Search tool is a Windows based application that uses a hybrid dictionary attack in an attempt to find unpublished administrative and other web services functions.

As web services are becoming more prevalent, poor security practices from previous generations of application architectures are being transferred to the web service space. One of these practices is the use of ‘security through obscurity’ to hide certain web methods from users – that is, web methods exist that can be called, but that are not published in the WSDL or otherwise disclosed.

The SIFT Web Method Search tool is a dictionary attack tool that can be used to brute force the web method names for a given web service under certain circumstances. That is, SOAP requests can be submitted to a web service using probable combinations of words to allow the identification of hidden web methods not published in the corresponding WSDL document. This is possible because responses to requests for non-existent web methods and web methods that exist differ markedly under most platforms.

The tool is available for download from http://www.sift.com.au/73/171/sift-web-method-search-tool.htm

Should anyone have any questions, bug reports or other suggestions please feel free to contact us via research@sift.com.au


21 September 2006 | 6,823 views

DOE Hit By Hackers and Covered Up

Ahah! More government cover-ups? This one was a while back too.

Digging on those archives right now yah.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?

The US government security really does scare me sometimes, their internal departments have some of the lowest IT security scores…there are SO many data leaks and successful hacks, I mean I appreciate they have a sprawling infrastructure which makes it hard to maintain, but please, at least try?

For example Homeland Security scored an F again for Internal Security.

And this time it was covered up..

But the incident, somewhat similar to recent problems at the Veterans Affairs Department, was last September yet senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, New Mexico. The file contained information about contract workers throughout the agency’s nuclear weapons complex, a department spokesman said.

NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month.

It was as always blamed on ‘miscommunication’ but it’s bullshit as the people involved meet every day..

The oversight and investigations subcommittee learnt of this and launched their panel into action.

The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE’s inspector general, told the committee. But he said that while improvements have been made, “significant weaknesses continue to exist,” making the unclassified computer system vulnerable to hackers.

Last fall, a so-called “Red Team” of DOE computer specialists — seeking to test the security safeguards — succeeded in hacking into and gaining control of a DOE facility’s computer system, the panel was told.

“We had access to sensitive data including financial and personal data…. We basically had domain control,” said Glenn Podonsky, director of DOE’s Security and Safety Performance Assessment. “We were able to get passwords, go from one account to another.”

Perhaps they really do need some lessons?

Source: Wired


20 September 2006 | 42,392 views

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things.

Summary

The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and is intended for educational use only. Since this is public knowledge, it should be also in everyone’s reach.

The technique described below involves an easy to follow procedure of stealing .com/.net/.org/.gov/.mil domain names.

This vulnerability has been publicly known for quite a while, and there are ways to prevent it. The procedure below enables an attacker to take over a domain name, enabling him or her to make the arbitrary web address (www.example.com) point to any desired web page on the Internet. This method of domain hijacking is constantly being used to hijack domain names, and to deface web sites.

THIS DOCUMENT SHOULD NOT BE USED FOR ANY ILLEGAL ACTIVITY.

Details

Required ingredients:

  • Anonymous remailer or mail bomber that can spoof email addresses.
  • Social Engineering skills for timing the emails.
  • A fake email address at hotmail.com or any other free service.

Exploit:
As an example for this advisory, we will take the domain name example.org. Go to http://www.networksolutions.com and click on the link that says ‘Who Is.’ Now enter the domain name (example.org in this case) in the search field and click on the ‘Search’ button. This would show you the WhoIs information, which will be similar to the one shown below:

Now you have two choices:

1) Either you could take full control of the domain by changing the Administrator’s handle information.

Or

2) You could simply point the domain to another host and let it recover in time by itself.

[…]


20 September 2006 | 5,134 views

China Outlaws Private E-mail Servers

Ah China, always been famous for repressing their population, now there repression is moving onto the Internet and using digital means..

Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted.

Anyway the latest thing China has done has made it illegal to own a private e-mail server without a ‘licence’. I guess it could be said that it’s an effort to curb spam…but..

China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law.

More than 600,000 servers were sold in China last year, according to market researchers. It’s unclear how many of these are running mail server software, which includes programs like Microsoft Exchange Server, Sendmail, Qmail or Lotus Notes.

They are calling it part of the anti-spam effort..

The new email licensing clause is just a small part of a new anti-spam law formulated by China’s Ministry of Information Industry (MII). The chilling effect on corporate email servers, which are commonly used by companies with more than a handful of employees, appears to have gone unnoticed until now.

However, Singapore-based technology consultant, James Seng, who first drew attention to the new email licence requirement, believes the inclusion of the prohibition on mail servers is no accident.

“Looking at the Chinese text, it is clear they have worded it carefully”, he told vnnet,”They know exactly what they are doing and what they want. So this isn’t a case of clueless civil servants screwing up or just bad translation.”

To be fair though spam originating from China has become a massive problem in the last 6-12 months, I’ve even noticed the amount of Chinese language spam increasing exponentially.

Under the new regulations, Email Service Providers must register their mail servers’ internet protocol (IP) addresses with authorities 20 days before they start operating the server. The must also keep a record of all emails sent and received for 60 days. The rules even prohibit open relays: mail servers which accept and relay email from any source without verification

The regulations also ban many of the techniques commonly used by spammers, such as hijacking servers to use as ‘zombie’ spam relays. In addition, advertisers sending unsolicited commercial mail also need to prefix the subject line with ‘Advertisement’ or ‘AD’, and comply with recipients’ requests to cease sending them unwanted email.

Perhaps in a way it might be a good thing?

Source: VNUnet