Archive | February, 2010

US School Remotely Spying On Kids With Webcams

Keep on Guard!


The big news that has been blowing up in the past week or so is about a relatively unknown school district in Pennsylvania, US that has been spying on its students using Macbook webcams.

It has actually turned into a class action lawsuit and there is a lot of debate surrounding the story, the school claims they were using the software and ‘spycam’ functionality simply to recover lost laptops rather than actually spying on their students remotely.

The lawsuit deals with the issue of unauthorised access to the webcams and the actions could also possibly violate wiretapping laws. The lawsuit itself can be found here [PDF].

A suburban Philadelphia school district accused of secretly switching on laptop computer webcams inside students’ homes says it never used webcam images to monitor or discipline students and believes one of its administrators has been “unfairly portrayed and unjustly attacked.”

The Lower Merion School District, in response to a suit filed by a student, has acknowledged that webcams were remotely activated 42 times in the past 14 months, but only to find missing, lost or stolen laptops — which the district noted would include “a loaner computer that, against regulations, might be taken off campus.”

“Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” Superintendent Christopher W. McGinley said in a statement on the district’s Web site late Friday. Officials vowed a comprehensive review that McGinley said should result in stronger privacy policies.

Harriton High School student Blake Robbins and his parents, Michael and Holly Robbins, filed a federal civil rights lawsuit Tuesday against the district, its board of directors and McGinley. They accused the school of turning on the webcam in his computer while it was inside their Penn Valley home, which they allege violated wiretap laws and his right to privacy.

It’s turning into a massive case and is generating press all over the globe, someone powerful technology was used by a perhaps over-zealous network admin named Mike Perbix.

You can also check out this very well-written and researched post on the technologies and methods used here: The Spy at Harriton High

There are people on all sides of the fence in this case, I personally think it was an interesting and effective use of technology but definitely should not have been implemented without disclosure. If you want to officially spy on people for theft prevention or asset tracking you should forewarn them.

The suit, which seeks class-action status, alleges that Harriton vice principal Lindy Matsko on Nov. 11 cited a laptop photo in telling Blake that the school thought he was engaging in improper behavior. He and his family have told reporters that an official mistook a piece of candy for a pill and thought he was selling drugs.

Neither the family nor their attorney, Mark Haltzman, returned calls this week seeking comment. A listed number for Matsko could not be found.

“We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family,” the statement on the Lower Merion School District site said. “The district never did and never would use such tactics as a basis for disciplinary action.”

A district spokesman declined further comment on the statement Saturday.

Lower Merion, an affluent district in Philadelphia’s suburbs, issues Apple laptops to all 2,300 students at its two high schools. Only two employees in the technology department, not administrators, were authorized to activate the cameras, which captured still images but not sound, officials said.

“While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” McGinley said. “This notice should have been given, and we regret that was not done.”

There is a plethora of information about this online including testimonies from current students, previous students and parents of both.

Many students suspected they were being spied on and taped up the cameras, wisely so it seems. But for the average computer using teenager if the school network admin tells them the green light next to the camera blinking now and then is a glitch they are going to believe it.

That right there is lying and makes the whole thing horribly suspicious, surely you only have the right to spy on kids if you have their parents consent..and even then it’s still a bit shady.

Either way this is a morally, legally and technically interesting case and I’m sure it’ll be heating up even more before it blows over.

Source: Yahoo! News

Posted in: Hardware Hacking, Privacy

Topic: Hardware Hacking, Privacy


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


keimpx – Open Source SMB Credential Scanner

Keep on Guard!


keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

  • Combination of user / plain-text password.
  • Combination of user / NTLM hash.
  • Combination of user / NTLM logon session token.

If any valid credentials has been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, then he will be prompted with an interactive SMB shell where the user can:

  • Spawn an interactive command prompt.
  • Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
  • Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
  • List users details, domains and password policy.

You can download keimpx 0.2 here:

keimpx-0.2.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


US Investigators Pinpoint Author Of Google Attack Code

Keep on Guard!


The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

Within the last few days the origin of the code was traced to 2 Chinese schools which both claimed they had no knowledge of the exploit.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

The story follows another report from The New York Times that traced the attacks to a pair of Chinese schools – Shanghai Jiaotong University and Lanxiang Vocational School – claiming that the latter had ties to the Chinese military. A day later, representatives of both schools denied involvement to the Chinese state news agency, and the Lanxiang representative denied ties to the military.

It all sounds like a conspiracy from the TV show 24 with schools tied to the Chinese military and ‘special’ access to underground forums.

It’ll be interesting to watch which direction it heads after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to covertly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is also a little vague.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

If I understand correctly what is being implied above, the author of the code posted a PoC (proof of concept) type exploit to a hacking forum.

Someone took this PoC, turned it into a working exploit and attacked 33 US based companies. If the conspiracists are right this ‘someone’ would be the Chinese government and they used to the exploit to steal commercially valuable data from some big US players.

Any thoughts?

Source: The Register

Posted in: Exploits/Vulnerabilities, Hacking News

Topic: Exploits/Vulnerabilities, Hacking News


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.



Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Google Buzz Patches XSS Flaw In Mobile Version

Keep on Guard!


You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break.

I’d like to wish all of you that celebrate it a Happy Chinese New Year.

Anyway the big news during this period, especially in the whole social networking scene has been Google Buzz. Is the next challenger to Twitter or Friendfeed or even Facebook? Personally I think not, but it sure has got people talking.

Google has fixed a cross-site scripting bug that allowed attackers to take control of Google Buzz accounts. The bug affects the mobile version of Buzz and was reported Feb. 16 by SecTheory CEO Robert Hansen. Google patched the vulnerability the same day. According to Hansen, news of the flaw was passed along to him by a hacker with the moniker of TrainReq.

“There [are] four things of note here,” Hansen blogged. “Firstly, it’s on Google’s domain, not some other domain like Google Gadgets or something. So, yes, it’s bad for phishing and for cookies. Secondly, it’s over SSL/TLS [Secure Sockets Layer/Transport Layer Security] (so no one should be able to see what’s going on, right?). Third, it could be used to hijack Google Buzz—as if anyone is using that product (or at least you shouldn’t be). And lastly, isn’t it ironic that Google is asking to know where I am on the very same page that’s being compromised?”

The news from the last few days included a cross site scripting flaw in the mobile version of Google Buzz.

It was fixed promptly because the guy that discovered it was kind enough to tell Google about it.

As always though if something was discovered so quickly and reported so quickly how many more flaws are there being used by the bad guys out there.

Hansen was referring to the location feature in Buzz that shows where Buzz users are when they post. This feature can be turned off by the user.

“We have no indication that the vulnerability was actively abused,” a Google spokesperson said. “We understand the importance of our users’ security, and we are committed to further improving the security of Google Buzz.”

In the week since Buzz was launched Feb. 9, Google has faced criticism over privacy issues associated with the service. On Feb. 16, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission that charged Google with failing to protect users’ privacy. In an interview with eWEEK, Google Vice President of Product Management Bradley Horowitz said the company did not expect the negative response that Google Buzz received on the privacy issue.

There was also a big outcry about privacy when Buzz was launched due the fact it automatically populates your following list with people you often converse with.

Imagine if you’d been hunting for a new job and talking to someone from a competitor and your boss saw it? Or a husband chatting with another woman and his wife saw who he was ‘following’? There are a lot of permutations, all of which are not good so use your imagination.

eWeek also did another article about the privacy concerns here – Buzz Privacy Backlash.

Source: eWeek

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking

Topic: Exploits/Vulnerabilities, Privacy, Web Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Darknet – A Finalist For The 2010 Social Security Bloggers Awards

Keep on Guard!


2010 Social Security Bloggers Awards

Well this is a first for me and this blog, Darknet has been nominated for a blogging award and selected as a finalist! There’s some heavy-weights in our category too like SANS ISC and Evil Bytes from Dark Reading.

If you don’t know about SBN (Security Bloggers Network) it’s a VERY good collection of RSS feeds in the security arena, blogs rather than news sites hence the name.

It started out way back as a Feedburner group consolidating all the security related blog feeds on the Feedburner network into one feed. You can find the current RSS feed here:

Security Bloggers Network

With our contributions here:

Darknet – Security Bloggers Network

If you’re interested do check out the members (you’ve probably already subscribed to quite a few) and some of the stronger ones are amongst the nominations below.

Obviously being in the same category as SANS ISC I won’t be wasting any time writing an acceptance speech. It is an honor to be in the same list as blogs like Bruce Schneier’s and Tao Security even if it’s in a different category.

You can find a complete listing of the finalists here:

Best Technical Security Blog

SANS Internet Storm Center
Evil Bytes by John Sawyer
Praetorian Prefect
Darknet.org
Frequency X ISS blog

Best Non-Technical Security Blog

Security Uncorked
Schneier on Security
Krebs on Security
ThreatPost
TaoSecurity

Best Security Podcast

PaulDotCom
SANS ISC Stormcast
An Information Security Place
CSO Security Insights
Security Catalyst

Best Corporate Security Blog

Jeremiah Grossman (White Hat Security)
Sophos Graham Cluley Blog
Microsoft Security Response Center
Fortiguard Blog
Cisco Security Blog

Most Entertaining Security Blog

Rational Survivability by Chris Hoff
Security Incite by Mike Rothman
Uncommon Sense Security by Jack Daniel
SecBarbie by Erin Jacobs
Emergent Chaos by Adam Shostack and ensemble

Good luck to everyone and may the best blog win.

If you’re also a member of the SBN you can place your vote here:

2010 Social Security Bloggers Awards Voting

You can find the original post on the RSA Conference blog by Alan Shimel here:

Let the voting begin . . .

Posted in: Site News

Topic: Site News


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.