Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

20 June 2006 | 5,433 views

Money Lost Due to Cybercrime Down Again This Year!

Check Your Web Security with Acunetix

It seems even though vendors are pushing their snakeoil harder than ever, the actual figures show that the money lost due to cybercrime has decreased every year for the last four years!

Perhaps people are finally getting more secure, it’s not suprising with the advent of cheaper and easier to use intrusion detection and intrusion prevention systems.

For the fourth straight year, the financial losses incurred by businesses due to incidents such as computer break-ins have fallen, according to the 2006 annual survey by the Computer Security Institute and the FBI. Robert Richardson, editorial director at the CSI, discussed the survey’s findings in a presentation at the CSI NetSec conference here Wednesday.

Respondents in the 2005 survey reported an average of $204,000 in cybercrime losses, Richardson said. This year, that’s down to $168,000, about an 18 percent drop, he added. Compared with 2004, the average loss is down 68 percent.

The threats themselves haven’t really changed, so the ‘risk landscape’ is the same. Just the monetary loss has decreased.

Most important, perhaps, the 615 U.S. CSI members who responded to this year’s survey reported fewer security incidents. Viruses, laptop theft and insider abuse of Net access are still the most reported threats, but all have decreased compared with last year.

“The danger of insiders may be somewhat overstated, according to the survey group,” Richardson said. About a third of respondents said they had no losses at all due to insider threats, another 29 percent said less than one-fifth of overall losses came from insider threats.

I would definitely put it down to consistent and more widespread use of security technologies as well as general awareness and understanding being higher. I would agree with the following statement that nowadays it’s more likely the consumers are losing more money.

The businesses have already tightened themselves up.

When it comes to cybercrime losses, consumers might be bearing the brunt of them, and they are not covered by the survey, Richardson suggested. “Consumers are the low-hanging fruit,” he said. Costs related to identity theft, for example, fall largely back onto the consumer, he added, even if it did start with a data breach at an enterprise.

So as users we must be careful too.

Source: News.com



19 June 2006 | 6,752 views

SinFP v2.00 Released – Next Generation OS Detection Tool

OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with only 1 test giving the OS reliably in most cases).

New for 2.00:

  • complete rewrite
  • sinfp.db completely reworked
  • new tests based on comparison between probe and response (TCP seq/ack comparison, IP ID value comparison)
  • new matching algorithm, works like a search engine (a problem of finding intersection, by applying a deformation mask on keywords) much more efficient than in 1.xx branch
  • possibility to manually pass a matching mask to change at will the matching algorithm
  • passive fingerprinting much more acurate thanks to new matching algorithm
  • possibility to launch P1P2P3 probes, or only P1P2 probes, or only P2 probe
  • match IPv6 signatures against IPv4 ones
  • API changes, not compatible with 1.xx version anymore
  • DB schema changes, not compatible with 1.xx version anymore
  • many bugfixes

To read more you can check out the SinFP Homepage.

You can download SinFP directly here.


18 June 2006 | 7,775 views

Microsoft got Defaced

No, it wasn’t Microsoft.com, still, a very cool hack.

Microsoft France suffered an attack by a Turkish group, going by the handle of TiTHacK. You can check TiTHacK ‘profile’ over at Zone-H. By the looks of things, he has been really busy today.

At the time of this writing, the site still hasn’t been fixed. However, and just to be sure you’ll check it, you can use this mirror to see the defacement at Microsoft’s site.

Can we expect some new exploit to emerge?


18 June 2006 | 5,934 views

Kevin Mitnick Interview on Social Engineering

There’s a good interview with Kevin Mitnick on Social Engineering.

Well afterall, that is where his skill lies, not in technical hacking.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.

In his days on the wrong side of the law, Mitnick used so-called social-engineering techniques to fool users into handing over sensitive information. Rather than overt technical hacks, he was able to convince employees to hand over information that enabled him to hack systems, while redirecting telephone signals to avoid detection by the authorities.

As always the answer to social engineering is education!

Are you seeing any new attack methods?
Mitnick: They use the same methods they always have–using a ruse to deceive, influence or trick people into revealing information that benefits the attackers. These attacks are initiated, and in a lot of cases, the victim doesn’t realize. Social engineering plays a large part in the propagation of spyware. Usually, attacks are blended, exploiting technological vulnerabilities and social engineering.

What can businesses do to safeguard themselves?
Mitnick: Businesses should train people to try to recognize possible attacks.

The interview is a good read anyway, do check it out. You can also check out Mitnicks book on Social Engineering, The Art of Deception:

Source: News.com


17 June 2006 | 3,762 views

British Workers Love to Snoop Salary Info, Personal Notes & Colleagues Data

Well I would say this was true for office workers everywhere, not particularly just Brits.

But well the British are an inquisitive nation, so this doesn’t surprise me at all.

Nearly a quarter (22 per cent) of UK employees admit to having illegally accessed sensitive data such as salary details from their firms employer’s IT systems. More than half (54 per cent) of 2,200 adults polled during a YouGov survey said they’d forgo any scruples to do the same, given half a chance, according to a Microsoft sponsored survey that points to a culture of internal snooping and casual identity theft in offices across Britain.

Survey respondents said that HR and payroll information was the most popular target (36 per cent), followed by their manager’s personal notes (28 per cent) and their colleagues’ data (25 per cent). Given the chance, six per cent said they would pinch a colleague’s password.

Unsuprisingly also, guys are the bigger portion of the snoopers.

Blokes expressed a greater willingness than their female counterparts to risk dismissal by stealing confidential data. More than a quarter (27 per cent) of blokes said they’d swiped confidential information compared to 16 per cent of women. Workers in London and Scotland (25 per cent) were the most likely to offend, with the most honest workers living in the Midlands (18 per cent).

People would also be willing to access files from previous employers, if they still could.

A third (33 per cent) of respondents said they’d be prepared to access confidential files from previous employers if they still had access. Microsoft, which sponsored the research, said the YouGov survey illustrated the importance of controlling users accounts on IT systems while ensuring that there is a process in place to disable accounts once workers move onto other jobs

What is the moral here?

Make sure proper privelege segregation is in place, file share access controls, granual ACLs..

And have a proper hire and fire process for adding/disabling/deleting accounts.

The last thing you want is rogue accounts hanging around that give ex-employees (especially disgruntled ones) access to anything on your network.

Source: The Register


17 June 2006 | 8,469 views

New MSN Worm Hitting Users – BlackAngel.B

Well this week there was a Yahoo! Email worm, now also follows a vindictive new worm targetting MSN called BlackAngel.B. The reports come from the anti-virus software company Panda Software.

When activated the worm delivers a fateful terror message and then attempts to disable any protection software such as anti-virus, firewall or Windows system applications like Task Manager and Regedit.

It distributes itself to your whole contact list by trying to send them a video called Fantasma, so be wary.

A new worm that carries a message reminiscent of movies such as “The Ring” or “FearDotCom” is currently making rounds in the MSN Messenger community according to antivirus specialist Panda Security.

Once it has infected a computer BlackAngel.B uses the instant messenger to send messages to all the contacts in a user’s list, disguising itself as a video called “Fantasma” (Ghost). If opened, an image carrying the caption “En el 1er día te espantas, en el 2° te desesperas, en el 3° buscas ayuda y en el 4° mueres” – “on the 1st day you get scared, on the 2nd you get desperate, on the 3rd you look for help and on the 4th you die” appears on the screen, Panda said.

So just be careful on MSN and Yahoo!

Source: TG Daily


16 June 2006 | 4,179 views

Trojan Compromises 2,200 Oregon Tax Payers

Aha! Trojans strike again. Really, I still think it all comes down to education, it doesn’t seem to be a targeted attack though.

Just a random infection from your average porn site Trojan.

Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee’s unauthorized use of a computer, the Oregon Department of Revenue said Tuesday.

Amy McLaughlin, an information technology security officer with the state, said the incident apparently occurred when an employee downloaded a contaminated file from a porn site.

There was no apparent pattern on the data taken.

Hardin said the released data likely involved names or addresses or Social Security numbers, or possibly in some cases all three.

It’s unclear if it was damaging but said some of the data may have gotten back to the porn site.

Ed O’Meara, head of the department’s information processing division, said about 1,600 files had been identified so far and that the total likely will not surpass 2,200.

He said 1,300 letters were sent out to the affected taxpayers as of Monday night and the rest are being contacted as they are identified.

Source: Katu News


16 June 2006 | 4,485 views

CLR and SQL Server 2005

Microsoft has taken a bit of a leap with the integration of .net into SQL Server, and a lot of developers(Myself included) are worrying about what security implications this could have. DevX.com have taken an in-depth look into the guts of it, and spilled them onto a page for us all to look at.

CAS provides a code-based rather than user-based authorization scheme to prevent various kinds of luring and other code attacks. But how does that security scheme coexist with SQL Server 2005’s own, newly enhanced security features? By default your .NET code is reasonably secure, but it’s all too easy for the two security schemes to butt heads and cause you grief. In this article I’ll look briefly at the concept behind CAS and a few new security features in SQL Server 2005, then explore how to make the two systems work for you instead of against you as you take advantage of these advanced programming features in SQL Server.

They seem suitably impressed, but sensibly wary at the same time.

The good news is that Microsoft did a great job bringing together the security systems of SQL Server and the Common Language Runtime, with tools to control code. But there are some interesting features’ both to watch for and to take advantage of!


15 June 2006 | 20,471 views

SQL Power Injector v1.1 Released

SQL Power Injector is a graphical application created in .Net 1.1 that helps the penetrating tester to inject SQL commands on a web page.

For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal Mode).

Moreover this application will get all the parameters you need to test the SQL injection, either by GET or POST method, avoiding thus the need to use several applications or a proxy to intercept the data.

Features

  • Supported on Windows, Unix and Linux operating systems
  • SQL Server, Oracle, MySQL and Sybase/Adaptive Server compliant
  • SSL support
  • Load automatically the parameters from a form or a IFrame on a web
    page (GET or POST)
  • Detect and browse the framesets
  • Option that auto detects the language of the web site
  • Find automatically the submit page(s) with its method (GET or POST)
    displayed in a different color
  • Single SQL injection
  • Blind SQL injection
  • Comparison of true and false response of the page or results in
    the cookie
  • Time delay
  • Response of the SQL injection in a customized browser
  • Fine tuning parameters injection
  • Can parameterize the size of the length and count of the expected
    result to optimize the time taken by the application to execute the SQL
    injection
  • Multithreading
  • Option to replace space by empty comments /**/ against IDS or filter
    detection
  • Automatically encode special characters before sending them
  • Automatically detect predefined SQL errors in the response page
  • Automatically detect a predefined word or sentence in the response page
  • Real time result
  • Possibility to inject an authentication cookie
  • Can view the HTML code source of the returned page
  • Save and load sessions in a XML file

You can find out more here:

SQL Power Injector

Download the latest version now.


14 June 2006 | 3,736 views

Security Events Around the World

Following Darknet post regarding SyScan’06, I decided to make a little resume of the most important security events all around the world.

Unfortunately we won’t be able to go, so all the pictures are welcome. (-:

If there’s any missing do let us know.

Recon 2006WWW16 June to 18 June 2006 – Plaza Hotel Centre-Ville, Montreal, Canada

InfoSecurity Canada 2006WWW20 June to 21 June 2006 – Metro Toronto Convention Center, Toronto, Canada

HOPE Number SixWWW21 July to 23 July 2006 – Hotel Pennsylvania, New York, USA

Secure Malaysia 2006WWW24 July to 26 July 2006 – Putra World Trade Centre, Kuala Lumpur, Malaysia

The Third Conference on e-Mail and Anti-SpamWWW27 July to 28 July 2006 – Mountain View, California, USA

Defcon 14WWW4 August to 6 August 2006 – Riviera Hotel & Casino, Las Vegas, USA

RuxCon 2006WWW30 September to 1 October 2006 – University of Technology, Sydney, Australia

Mobile SecurityWWW3 October to 5 October 2006 – Crowne Plaza, St James, London, UK

Infosecurity New York 2006WWW23 October to 25 October 2006 – Jacob K. Javits Convention Center, New York, USA

You can also visit SecurityPark for a complete list of Information Security events.