Darknet - The Darkside

Don't Learn to HACK - Hack to LEARN. That's our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

22 February 2006 | 5,369 views

Jan 2006 Virus and Spam Statistics


January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new significant email-borne virus attacks, of which a troubling 8 (42%) were graded "low intensity", 7 (37%) "medium intensity" and 4 (21%) were massive attacks, a rare phenomenon for a single month.

One outbreak of specific interest, consisting of 7 variants, illustrates how viruses are growing in sophistication: the first variant was launched around December 25th as a low-intensity virus; however, with subsequently released variants the attack's intensity grew into a massive outbreak towards the end of the month.

The biggest virus attacks are the quickest: fast-moving solutions required
One of the factors measured by Commtouch is the speed of distribution. We consider attacks that peak within eight hours to have “short spans”, since it takes an average of 8-10 hours for a traditional anti-virus vendor to release an updated signature blocking a new virus.

Computer virus statistics from the Commtouch Detection Center indicate that 40% of attacks during January met this profile. There is also a clear connection between an attack's speed and its intensity: the faster attacks are the biggest ones. While the average distribution time of low-intensity attacks is a 'leisurely' 27 hours and medium-intensity attacks take around 17 hours, massive attacks take as little as 5.5 hours to spread in hundreds of millions of emails.

“The conclusion is clear,” adds Lev. “Without a reliable solution for early-hour protection that complements the old-fashioned anti-virus solutions, users are unprotected from the most massive attacks.”

Anti-virus engine statistics: is your AV up for the challenge?
Based in part on a reliable third party lab test, Commtouch was able to compare detection times of 21 leading AV engines against 19 new viruses in January. The results:

- On average, each AV completely missed 6.2 viruses (the attack was completed, and a signature was not yet available).
- The average response time to new viruses among all AV engines was 8.12 hours.

“The data should be of great concern to AV vendors and IT managers alike,” said Lev. “An eight-hour response spells a simple truth: a traditional AV solution does not stand a chance against massive attacks that end before a signature is even released.”

Spam is physically sent primarily from the US
The Commtouch Detection Center monitors spam distribution patterns on a global level. January spam statistics show that 43.18% of global spam is sent from US-based sources (down from approximately 50%). China is also a significant ‘launching pad’ for 12.89% of the spam. Korean and German sources distribute about 4% of global spam, and the rest of spam originates from around the globe.

Source: Commtouch



21 February 2006 | 4,177 views

Google has no license for China service

Internet search giant Google Inc.’s controversial expansion into China now faces possible trouble with regulators after a Beijing newspaper said its new Chinese-language platform does not have a license.

The Beijing News reported on Tuesday that Google.cn, the company’s recently launched service that accommodates China’s censorship demands, “has not obtained the ICP (Internet content provider) license needed to operate Internet content services in China.”

The Ministry of Information Industry, which regulates China’s Internet, was “concerned” and investigating the problem, the paper said.

Google has weathered criticism from United States lawmakers, international free speech advocates and Chinese dissidents for abiding by Chinese censors’ demands that searches on its new Chinese service block links about sensitive topics, such as Tibet and the 1989 anti-government protests in Tiananmen Square.

A spokesperson for Google told the paper that it shared an ICP license with another, local company, Ganji.com, a practice followed by many international companies in China, including Yahoo Inc. and eBay Inc.

Source: ABC News


21 February 2006 | 4,122 views

Antitrust case against Apple approved

Back in September, we posted about Thomas Slattery, an unhappy iTunes user who filed a class action lawsuit against Apple alleging that Apple has a monopoly over the digital music and digital music player market with iTMS and iPods. Back then, the judge dismissed a number of items in Apple’s favor, but didn’t dismiss the whole case. Well, it appears as if the case has been approved to go forward, as Mr. Slattery has apparently “met all requirements” for such a lawsuit.

Judge Ware has given Slattery the go-ahead to proceed with his monopolization claim under the federal Sherman Antitrust Act, according to eHomeUpgrade. Slattery claimed that Apple’s system freezes out competitors, and while one antitrust expert called it a long shot, another antitrust law professor said that the key to such a lawsuit would be convincing a court that a single product brand like iTunes is a market in itself separate from the rest of the online music market.

Are the iTMS and the iPod an entirely separate market, in and of themselves? While I don’t personally think so (iTMS may hold a large majority of the market share for digital music, but I still consider there to be some competition), I can see how a lawyer for the aforementioned Mr. Slattery may try to argue such a thing. They would have to argue that Apple has been so overwhelmingly successful in the digital music market as a whole that it has completely taken it over and created its own market, separate from the likes of Napster or Creative music players, which no one else can enter.

The fact that the suit got approved to go forward is a little scary, however. We have to wonder: what, pray tell, might the outcome be and how might it affect Apple’s loyal user base?

Source: Arstechnica


21 February 2006 | 5,485 views

Severe Security Hole in Apple Mac Safari Web Browser

As the German IT portal heise online reports, a new security hole in the Safari web browser for Apple’s Mac OS X has been discovered. This security hole is rather severe, as under certain circumstances it leads to shell scripts being executed without the user being asked.

Once again the Safari option to open “safe” files automatically after download bears the blame. If this feature encounters a shell script that is missing the so-called shebang line, the system no longer asks the user whether to execute the file; it simply executes it. Unfortunately, you can rename a shell script without a shebang line to a known-good file type extension such as JPG or PNG and put that renamed script into a ZIP file, together with a metadata file that binds the renamed file to the shell. A target Mac that receives the ZIP then “knows” automatically how to open the file: it treats executing the “JPG file” with the shell as perfectly normal.

To mitigate this issue immediately, you can take two countermeasures: the first is to disable that unsafe option in Safari, the second is to move the Terminal application somewhere else, because the binding between the shell script and the Terminal uses a hard-coded file path to the Terminal. Additionally, you should never work with administrator privileges; as one should already be used to on Windows, this rule of thumb has the same virtues on a Mac.

Source: 4null4.de
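The chain described above (a script with no shebang line, renamed to an image extension, zipped together with metadata that binds it to the Terminal) can be checked for on the receiving side before anything is opened. The following scanner is an added example, not code from the original page, heise online or 4null4.de. It assumes that the binding metadata travels as the AppleDouble `._` companion file that Mac OS X writes under `__MACOSX/` inside a ZIP, and that the hard-coded path appears in it as the literal string `/Applications/Utilities/Terminal.app`; the archive it scans is constructed inline, not a real capture.

```python
import io
import zipfile

# Magic bytes of the "safe" image types a renamed script is most likely to imitate.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Assumption: the metadata that binds the file to the shell carries the Terminal
# path as a literal string (the article only says the path is hard-coded).
TERMINAL_PATH = b"/Applications/Utilities/Terminal.app"

# Shell-ish tokens. A missing shebang is exactly the trigger, so "#!" is not required.
SHELL_TOKENS = ("echo ", "rm ", "curl ", "osascript", "$(", "`", " | ", "; ")


def looks_like_shell_text(data: bytes) -> bool:
    """True if the bytes decode as ASCII text and contain shell-style tokens."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return any(token in text for token in SHELL_TOKENS)


def scan_zip(payload: bytes) -> list[str]:
    """Return one finding per suspicious archive entry (empty list if nothing found)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue  # directory entry, nothing to inspect
            data = zf.read(name)
            base = name.rsplit("/", 1)[-1]
            if base.startswith("._"):
                # AppleDouble companion under __MACOSX/: resource fork and Finder info.
                if TERMINAL_PATH in data:
                    findings.append(f"{name}: companion metadata binds the file to Terminal.app")
                continue
            ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
            magic = IMAGE_MAGIC.get(ext)
            if magic is None or data.startswith(magic):
                continue  # not an image extension, or the content really is that image
            if looks_like_shell_text(data):
                findings.append(f"{name}: named {ext} but contains shell script text")
            else:
                findings.append(f"{name}: named {ext} but magic bytes do not match")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real capture) in the shape the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # A script with no shebang line, renamed to look like a photo.
        zf.writestr("holiday.jpg", "echo pwned > $HOME/Desktop/pwned.txt\n")
        # Stand-in for the AppleDouble companion (real ones are binary); the only
        # property this scanner relies on is the embedded Terminal path.
        zf.writestr("__MACOSX/._holiday.jpg",
                    b"\x00\x05\x16\x07\x00\x02\x00\x00" + TERMINAL_PATH + b"\x00")
        # A genuine PNG header, to show that real images are left alone.
        zf.writestr("real.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

Run as a script it reports the fake JPG and its Terminal-bound companion, and nothing for the real PNG. On the Safari side, the “Open ‘safe’ files after downloading” checkbox is stored under the `AutoOpenSafeDownloads` key of `com.apple.Safari`, so the first countermeasure can also be applied from a shell with `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`.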

A rare exploit for the Mac, eh? It is possible to exploit; it’s not just a theory. You can find a proof of concept here:

http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html

With a Babelfish Translation.


20 February 2006 | 16,708 views

Google’s Defense of Privacy – Tells Feds to BACK OFF

Google has offered multiple reasons why it shouldn’t have to comply with a Justice Department subpoena. One is privacy. An excerpt:

If Google is forced to compromise its privacy principles and produce to the Government on such a flimsy request, its search query and URL data, Google will, without a doubt, suffer a loss of trust among users. Google’s success can be attributed in large part to the high volume of Web users attracted to Google.com every day. The privacy and anonymity of the service are major factors in the attraction of users–that is, users trust Google to do right by their personal information and to provide them with the best search results. If users believe that the text of their search queries into Google’s search engine may become public knowledge, it only logically follows that they will be less likely to use the service.

The Justice Department subpoena normally would have been a routine matter, and America Online, Microsoft and Yahoo voluntarily complied with similar requests. But Google’s resistance sparked a furor over privacy, with Sen. Patrick Leahy, a Vermont Democrat, asking the Justice Department for details, and a bill appearing in the House of Representatives that would require Web sites to delete information about visitors.

Google lashed out at the U.S. Justice Department on Friday, saying that a high-profile request for a list of a week’s worth of search terms must not be granted because it would disclose trade secrets and violate the privacy rights of its users.

In a strongly worded legal brief filed with a federal judge in San Jose, Calif., the search company accused prosecutors of a “cavalier attitude,” saying they were “uninformed” about how search engines work and the importance of protecting Google’s confidential information from disclosure.

This response came after the Justice Department last month asked a judge to force Google to hand over a random sample of 1 million Web pages from its index, along with copies of a week’s worth of search terms to aid in the Bush administration’s defense of an Internet pornography law. That information is supposed to be used to highlight flaws in Web filtering technology during a trial this fall.

Source: Cnet


20 February 2006 | 175,775 views

Browse Anonymously at Work or School – Bypass Firewall & Proxy

AnonymousInet has relaunched! A nice clean FREE web based proxy service.

AnonymousInet

http://www.anonymousinet.com/

Works great for me, it’s fast and free!

It also encodes the URL so stupid simple content filters won’t stop it.


19 February 2006 | 7,706 views

Spanish ‘Super’ Hacker Jailed for 2 Years over DoS attack

A Spanish hacker who launched a denial of service attack that hobbled the net connections of an estimated three million users has been jailed for two years and fined €1.4m. Santiago Garrido, 26 (AKA Ronnie and Mike25), launched the attack using a computer worm in retaliation for being banned from the popular “Hispano” IRC chat room for breaking its rules.

The resulting surge in malicious traffic disrupted an estimated three million users of Wanadoo, ONO, Lleida Net and other ISPs, or approximately a third of Spain’s net users, at the time of the 2003 attack.

Source: The Register

Graham Cluley of Sophos states:

This type of activity causes serious damage and disruption, and any hackers engaged in such behaviour must be punished accordingly. The Spanish Civil Guard should be congratulated for seeing this case through to its conclusion.

Sophos believes that more than 60 per cent of all spam today originates from zombie computers, which can be used by criminal hackers to launch distributed denial-of-service attacks, spread unwanted email messages or to steal confidential information.


18 February 2006 | 10,865 views

NSA Tracking Nmap and Other Open Source Tools

Check it out!

NSA Nmap

US President George W. Bush visited the NSA headquarters at Fort Meade in January 2006. A wall-sized status screen in the background displays the latest versions of Nmap and some of our other favorite open source tools. Pictures were printed in the February 6, 2006 edition of Newsweek (article) and the Jan 27 Washington Post (article). The page on the screen is the Talisker Radar. We don’t like the NSA tracking our phone calls and email, but they may track Nmap releases all they want.

Loading an external web site on their giant screen was risky.

Source: Insecure.org

The picture was printed in the Washington Post.

I imagine their normal NOC/SOC screen isn’t so interesting and they were like “Bush is coming, anything pretty to put on the projector?”


17 February 2006 | 34,510 views

Locate anyone in the UK via SMS

By using one of the many mobile phone location tracking services aimed at businesses or concerned parents, and some trickery, it is possible to get almost anyone’s mobile phone position without their agreement. All that is required is their mobile phone number and carrier.

Over the past year a number of sites have popped up offering web-based mobile phone tracking services. To use their services you purchase a monthly subscription or a set number of credits, and enter the target’s phone number. The target then receives an SMS message asking them to confirm that they consent to the tracking. After the target replies, the tracker can request their position online and receive a street address, post code and map of their location, with an accuracy of around 250 metres.

Source: Rootsecure

  • Although it is possible to get the location of a phone, the target will receive the various SMS confirmation messages, alerting them to the fact that they are being tracked.
  • Malicious use can be traced back to the tracker via credit card records or the tracker’s registered phone.

More:

For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it.

The Guardian

A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called ‘How I stalked my girlfriend’. It painted a scary picture.

The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.

The Register


17 February 2006 | 76,888 views

BackTrack – A merger between WHAX and Auditor

BackTrack is the result of merging two innovative penetration testing live Linux distributions, namely WHAX and Auditor.

Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distribution ever to come out.

BackTrack

Based on SLAX (Slackware), BackTrack provides user modularity: the distribution can easily be customised by the user to include personal scripts, additional tools, customised kernels, etc.

A full list of the tools in BackTrack is available now.

You can download BackTrack now.

I’m pretty excited about this, as WHAX and Auditor were my two favourite bootable security distros. I’ve been using WHAX since way back when it was WHoppix, and it was a bit cheesy.

I’ve also found F.I.R.E, Helix and plain Knoppix useful.