Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

13 May 2006 | 4,403 views

I’m gonna h4x0r j00r Ferrari

Prevent Network Security Leaks with Acunetix

Hacking cars, what next? I have fears for the IPv6 generation (if it every happens), when every toaster and light bulb has an IP address, yeah…I’m gonna hack your house then and make your lights blink.

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key ‘mechanical or otherwise’ to start the engine, so-called ‘keyless’ setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham’s BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car’s computer, open the doors, and start the engine.

Poor Beckham, he got had twice.

I wonder how simplistic the system they are using is? 20 minutes to break the encryption? A simple XOR or something, it must be.

“It’s difficult to steal cars with complex security, but not impossible. There are weaknesses in any system” Tim Hart of the Auto Locksmith Association told the U.K’s Auto Express magazine. “At key steps the car’s software can halt progress for up to 20 minutes as part of its in-built protection” said Hart.

Because the decryption process can take a while ‘up to 20 minutes, according to Hart’ the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham & the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

I’ve heard an experiment was done by some students at John Hopkins, they connected 16 FPGAs together at a total cost of under $3,500. Texas Instruments provided them with 5 DST tags whose keys they did not know. The 16-way parallel cracker was able to recover all 5 keys in well under 2 hours.

Source: Left Lane News



11 May 2006 | 3,291 views

The Next 50 Years of Computer Security

There’s an interesting audio file about the next 50 years of computer security, it’s from a talk Alan Coxa a fellow at Red Hat Linux gave recently at the European OSCON.

It talks about the implementations of modularity, trusted computing hardware (we are already seing this in part, hardware anti-virus implementations and DRM to be built into CPUs), ‘separation of secrets,’ and overcoming the challenge of users not reading dialog boxes, will be crucial milestones as we head on to the future. He states: “As security improves, we need to keep building things which are usable, which are turned on by default, which means understanding users is the target for the next 50 years. You don’t buy a car with optional bumpers. You can have a steering wheel fitted if you like, but it comes with a spike by default.” All of this has to be shipped in a way that doesn’t stop the user from doing things.

Security and validation are critical issues in computing, and the next fifty years will be harder than the last. There are a number of proven programming techniques and design approaches which are already helping to harden our modern systems, but each of these must be carefully balanced with usability in order to be effective. In this talk, Alan Cox, fellow at Red Hat Linux, explores the future of what may be the biggest threat facing software engineers, the unverified user.

Of course security is always a balance between usability and actual security, the more secure something is, generally the less usable it becomes and vice versa, imminently usable…totally unsecure.

What else do you think is going to happen? For better or worse..

Source: IT Conversations


10 May 2006 | 6,286 views

MORE Sendmail Problems – Signal Handling Vulnerability

OH MY GOD, NOT ANOTHER SENDMAIL FLAW?

What’s that? Yah number 1001010102121.

Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, Sendmail still handles about 70 per cent of all email on the internet.

As far as software goes, Sendmail is ancient, dating all the way back to 1981. Sendmail 8 itself is well over 10 years-old. To put it nicely, its security track record is less than stellar. However, the last big show stoppers in Sendmail were found about three years ago & Zalewski’s prescan() bugs reported in September and March of 2003, and crackaddr(), also in March of 2003. The crackaddr() bug was also discovered by Mark Dowd.

So it’s been about 3 years since the last big sendmail bug, but well how many underground exploits are there for sendmail, it seems to have been one of the most insecure peices of software to ever grace the Internet.

The article also addresses some interesting issues, like can software have a finite amount of bugs? I don’t believe so, unless it’s very simple and is never updated, there’s no way it can have a finite amount of errors.

More code or more changes = more bugs.

Source: The Register


10 May 2006 | 25,045 views

SecureDVD – Multiboot Live Security Distro’s

SecureDVD is a DVD with the 10 Best Security related Live CD’s.

Yes that’s right, they authored this DVD based on the recommendations made by Darknet!

Now you can have all your favorite CDs ‘compiled’ into a single DVD. I love this idea.

SecureDVD is available to download, but due to it’s size, only in BitTorrent. You can also have it shipped to your address if you buy it.

You can take a look at the boot loader screenshot here

Enjoy, and remember to seed after you’re done downloading.

P.S: I suggest everyone to wait a couple of hours until starting to download. SecureDVD is currently fixing some problems they had with the .Torrent.

Update: Download is going smooth now ;) ~100KBs


09 May 2006 | 10,208 views

UK hackers condemn McKinnon trial

It is a little over the top, this guy used over the counter kiddy tool and ‘hacked’ into systems because of blank passwords.

Not rocket science, and apparently the machines he had access to were air-gapped, or segregated from the networks containing sensitive information, so the charges are greatly trumped up and are NOT relative to his offence.

The UK’s hacking community has strongly criticised how fellow hacker Gary McKinnon has been treated.

Accused of hacking into US military computer networks, Mr McKinnon this week is expected to find out if he is to be extradited for trial in the US.

British hackers say he is being made an example of to serve political ends rather than improve computer security.

The punishment he faces, up to 70 years in jail, was also too harsh a sentence for the crimes he has confessed to.

70 years? For hacking into some minor grade web servers and finding some mostly declassified information.

Mark, and another attendee Rat, suggested that Mr McKinnon was being treated harshly to send a message to the rest of the hacking community to clean up its act.

“But,” they said, “the idea of clamping down on some unlucky guy and threatening him with 70 years in jail will not make the blindest bit of difference.”

“All [hackers] think they will not get caught,” said Mark.

Rat said that almost every message received by the blogs set up to document Mr McKinnon’s treatment and the progress of the court case had been supportive.

Dr K, another UK hacker interviewed by the BBC News website, questioned why Mr McKinnon had to be extradited to be tried for the crimes for which he has already confessed.

He got sloppy and he got caught, he made a mistake. He really doesn’t deserve to get 70 years for what he did.

No one is saying he didn’t do anything wrong, but branding him a terrorist is going a bit far, I don’t think the US needs to make an example of him in this way.

Source: BBC News


09 May 2006 | 4,011 views

ASP.NET Memberships and Roles

If your familiar with asp.net, you’ll know the feeling of wasting hours searching through countless settings to get an app working, and then the many more hours it takes to tweak IIS to get your site running smoothly. But this is nothing compaired to getting authentication and domain controllers properly integrated. On Microsofts asp.net newsgroup the biggest single security issue mentioned is user error and bad setup, sometimes allowing things as stupid as anonymous users having full control of a web app.

4GuysFromRolla regular .net author Scott Mitchell has written a kick-ass guide to all things membership and role based, and if your producing an intranet or just a large webapp you will want to take a look. Allowing .net to manage your permissions and users can not only save you time, but takes out some of the many errors that can sneak in when your managing a large sites security manually.


08 May 2006 | 6,387 views

McAfee Seeds Mac Virus Threat FUD

What a surprise, McAfee spreading FUD to sell more copies of their bloated AV software?

Apart from the fact I think the whole AV model is flawed i.e. it can only protect against things the AV companies 1) know about 2) have written a definition for and 3) have delivered the definition to you – That’s a LOT of ifs.

Now McAfee is spreading some FUD about Apple viruses so they can sell their new Mac antivirus software.

Among its key findings, which McAfee clearly hopes will scare you enough to consider buying its anti-virus software for the Mac:

  • From 2003 to 2005, the annual rate of vulnerability discovery on on Apple;s Mac OS platform has increased by 228% compared to Microsoft’s products which only saw a 73% increase.
  • As demonstrated by its March 2006 patch, which corrected 20 vulnerabilities, Apple’s Mac OS platform is just as vulnerable to targeted malware attacks as other operating systems
  • Security researchers and hackers will increasingly target the Mac OS and other Apple products, such as iTunes and iPods.

The direct link to the McAfee whitepaper is here (PDF WARNING).

Here’s the part that is supposed to the Mac users worried.

Apple appears to be in the earlier stages of malware evolution where exploits are written and spreads as proof-of-concept to demonstrate technical prowess and garner notoriety. While these elements remain in the Windows malware community, they are being overshadowed today by the more professional, profit-seeking malefactors. Apples customer base does not yet provide an attractive enough target to warrant interest from this for-profit contingent. However, as Apple’s continued market success places its products in the hands of more and more consumers that status will inevitably change

Nice eh? Are you scared yet? I’m not..

I have to say from experience though, Mac users tend to be more tech savvy, they know a bit about their machines and the Operating System running on it.

Plus OSX does actually have some concepts of real priveledge seperation built in, unlike Windows. It’s basically *nix with a great Window Manager.

I mean niche doesn’t mean safe, but still, any virus that infects a properly designed operating system can’t do anything, other than delete that users files, assuming the virus can work out where they are..files which should be backed up anyway.

Proper OS security architecture renders antivirus software pointless.

Source: Business Week


08 May 2006 | 8,157 views

SinFP – Next Generation OS Detection Tool

OS Fingerprinting is an important part of any penetration test or hack as it allows you focus your efforts a lot more effeciently when point testing, rather than throwing everything at a machine like a script kiddy would. So let’s introduce a new option, other than p0f and xprobe2.

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has.

Nmap approaches to fingerprinting as shown to be efficient for years. Nowadays, with the omni-presence of stateful filtering devices, PAT/NAT configurations and emerging packet normalization, its approach to OS fingerprinting is becoming to be obsolete.

SinFP uses the aforementioned limitations as a basis for tests to be obsolutely avoided in used frames to identify accurately the remote operating system. That is, it only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3 (with
only 1 test giving the OS reliably in most cases).

Features list:

  • full OS fingerprinting suite, built as a Perl module
  • active fingerprinting
  • passive fingerprinting (with signature matching made against active ones)
  • works the same over IPv4 and IPv6 (yes, IPv6 fingerprinting)
  • online mode
  • offline mode (especially useful when you have a pcap file)
  • heuristic matching algorithm to avoid the need to write new signature for a target stack which has some TCP option deactivated, or changed window size

To read more you can check out the SinFP Homepage.

You can download SinFP directly here.


07 May 2006 | 4,817 views

New Trojan Targets World Cup Fans – Troj/Haxdoor-IN

Ah, first we had the ransomeware, yesterday the trojan targetting WoW users, now we have the World Cup trojan..

It really must be Trojan season.

A Trojan horse that poses as a World Cup wallchart has begun circulating on the net. The Haxdoor-IN Trojan horse is been spamvertised in messages, written in German, that purport a program that will allow fans to keep tab on football teams participating in next month’s eagerly anticipated tournament.

Windows users who follow links in these messages and download the software will wind up with infected PCs. Net security firm Sophos says all the spam emails promoting downloads of the malware it has seen so far have been written in German. “There is no reason to believe that hackers will not switch to using other languages to increase their pool of potential victims,” it warns.

It has happened in similar ways before.

Virus writers have regularly taken advantage of World Cup competitions to promote their wares. A year ago, the Sober-N worm offered tickets to the tournament in an attempt to trap gullible users into opening an infectious email attachment. In 2002, the Chick-F virus tried to exploit fans’ desires to learn the latest scores from games in South Korea and Japan.

At the end of the day it all comes down to Social Engineering, hacking the wetware, always the weakest link..They may have firewalls, antivirus and anti-spyware software up the chute, but if you can make them run an executable their PC is yours. Especially on Windows where the concept of privelege segregation is extremely vague..

Theres a bit more info about the trojan over at Sophos: Haxdoor-IN.

Its aliases are:

  • Backdoor.Win32.Haxdoor.in
  • BKDR_HAXDOOR.GM
  • Backdoor.Haxdoor.J

Source: The Register


06 May 2006 | 13,701 views

New Password Stealing Trojan Targets WoW Players

It really does seem like the Malware/Spyware folks are really into making money nowdays, what with $15 spyware kits and Viruses that place your machine under lockdown until you pay the ransom..

What happened to people just doing stuff for learning, for enhancement of knowledge, deep understanding..not a quick few hundred dollars.

I have to say though targetting WoW users is a pretty smart and unique vector, as quite a lot of money does come from Virtual sources, selling level 60 characters, selling certain items, selling information and so on.

A new password-stealing Trojan targeting players of the popular online game “World of Warcraft” hopes to make money off secondary sales of gamer goods, a security company warned Tuesday.

MicroWorld, an Indian-based anti-virus and security software maker with offices in the U.S., Germany, and Malaysia, said that the PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World of Warcraft players.

The trojan spreads through the normal VB virus of the week vectors (email, network etc), but specifically targets WoW accounts.

The Trojan spreads via traditional vectors, such as e-mail and peer-to-peer file sharing, added Rammurthy, but it has also been watched while it installs in a drive-by download from gaming sites’ pop-up ads. The surreptitious installation is accomplished by exploiting various vulnerabilities in Microsoft’s Internet Explorer Web browser.

Interesting to see what comes next..

Source: Information Week