Archive | May, 2010

Federal Authorities Have Seized More Than $143 Million USD Of Fake Network Equipment


What a surprise, another quiet weekend – nothing much has been going on apart from the big furore about Facebook privacy – which frankly has been discussed to death.

Other than that, 2 critical patches are expected in the next Microsoft patch Tuesday – info here and here.

One story which I did find interesting was about fake networking gear, mostly Cisco which the Feds have been seizing for the past 5 years under Operation Network Raider – with more than 700 seizures and 30 felony convictions, that sure is a lot of dodgy gear out there!

Federal authorities over the past fives year have seized more than $143m worth of counterfeit Cisco hardware and labels in a coordinated operation that’s netted more than 700 seizures and 30 felony convictions, the Justice Department said Thursday.

Operation Network Raider is an enforcement initiative involving the FBI, Immigration and Customs Enforcement and Customs and Border Protection agencies working to crack down on the bogus routers, switches and other networking gear. In addition to costing Cisco and other US businesses millions of dollars, the scams could threaten national security by infusing critical networks with gear that’s unreliable or, worse, riddled with backdoors.

As part of the operation, Ehab Ashoor, 49, a Saudi citizen residing in Sugarland, Texas, was sentenced this week to 51 months in prison and ordered to pay Cisco $119,400 in restitution after being found guilty of trying to sell counterfeit gear to the US Department of Defense. In 2008, he attempted to traffic 100 gigabit interface converters that were bought in China and contained labels fraudulently indicating they were genuine Cisco equipment, according to court documents. The kit was to be used by the US Marine Corps for communications in Iraq

The scary part for me is not that this stuff is out there, but that it is being sold to the US government! Especially that some was destined to be used by the US Military in Iraq. Now with the relations between China and the US the conspiracy theorists could come up with some interesting thoughts on this.

The sentences handed out are pretty stiff though with 51 months in prison, even though I guess it’ll be some cushy white-collar prison and not some hardcore federal penitentiary.

In January, 33-year-old Chinese resident Yongcai Li was ordered to serve 30 months in prison and pay restitution of $790,683 for trafficking counterfeit Cisco gear, officials said.

The prospect that government and business networks may have deployed bogus gear has raised national security concerns, since much of the counterfeit equipment originates in China. Similar espionage fears were raised by research from University of Illinois researchers, who in 2008 showed how they were able to modify a Sun Microsystems SPARC microprocessor to effectively create a hardwired backdoor capable of logging passwords or other sensitive data.

In May of 2008, Cisco officials said they had no evidence that any of the counterfeit networking gear contained backdoors.

Since late 2007, US authorities have made more than 1,300 seizures of 5.6 million bogus semiconductors. More than 50 shipments were falsely marked as military or aerospace grade devices. The Justice Department’s press release is here.

From the restitution figures it seems like Yongcai Li sold a lot higher volume than Ehab Ashoor but his prison sentence is much shorter. Perhaps he was given a more lenient sentence as he wasn’t directly trying to sell the fake gear to the US government and military.

They state none of the networking equipment contained backdoors, but then if they did – would they really tell anyone? They were obviously trying to buy cheap gear on the side rather than dealing directly with Cisco – not a wise decision.

Source: The Register

Posted in: Legal Issues

Topic: Legal Issues


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


Jarlsberg – Learn Web Application Exploits and Defenses


This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Jarlsberg and in general.

Jarlsberg Vulnerable Web Application

The codelab is organized by types of vulnerabilities. In each section, you’ll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Jarlsberg. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you’ll use both black-box hacking and white-box hacking. In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests. In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Jarlsberg as if it’s open source: you can read through the source code to try to find bugs. Jarlsberg is written in Python, so some familiarity with Python can be helpful.


However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance of Jarlsberg to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. Security researchers use both hacking techniques, often in combination, in real life.

If you wish to test the hosted version of Jarlsberg you can do so here:

http://jarlsberg.appspot.com/start

You can download Jarlsberg here:

jarlsberg-code.zip

Or read more here.

Posted in: Countermeasures, Exploits/Vulnerabilities, Web Hacking

Topic: Countermeasures, Exploits/Vulnerabilities, Web Hacking


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


Untethered Userland Jailbreak For iPhone 3.1.3 & iPad 3.2 Has Arrived


It’s been a long time since we’ve covered any kind of Jailbreak apps, although we did cover some stories where owners of jailbroken devices were getting pwned by Rickrolling followed up shortly after with a malicious version of the worm.

I thought I’d cover this anyway as the iPad seems to be ‘the next big thing’ and everyone is talking about (even if they hate it), so I thought it’d be a worthy story. Anyway the latest news is someone has released an untethered userland jailbreak for iPhones, iPods and iPads running the latest version.

The all-in-one untethered iDevice jailbreak for iPhone 3.1.3, iPad 3.2 and iPod touch 2G/3G is finally here. Available for both Windows and Mac OS X, Spirit is a userland jailbreak but it does not work out-of-the browser as previously thought. It is in fact a simple one click app, like Blackra1n which can jailbreak (not unlock) any Apple iDevice on iPhone 3.1.2 or 3.1.3.

It is also important to note here that Spirit wont unlock your phone. It is a jailbreaking tool only that will only work on devices which are activated via iTunes. So if you rely on an unlock, DO NOT upgrade to stock firmware or you’ll be stuck. Unlock for iPhone 3.1.3 on 05.12.01 baseband wont be out before the next iPhone hit the shelves. And that wont be before June/July of this year.

You can find the jailbreak software here:

http://www.spiritjb.com/

What’s Spirit?

  • Spirit is an untethered jailbreak for iPad, iPhone, and iPod touch on the latest firmwares.
  • Spirit is not a carrier unlock.
  • If you currently are using a tethered jailbreak, you have to restore to use Spirit. Do not upgrade if you use an unlock on an iPhone 3G or 3GS. (You can, however, restore to 3.1.2 if you have SHSH blobs for that version.)

Do note, this is just a jailbreak and NOT a carrier unlock, so don’t b0rk your phone if you have a network locked model.

Source: Redmond Pie

Posted in: Apple, Hardware Hacking

Topic: Apple, Hardware Hacking


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool


OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.

Web Application

  • Automatically deploy and start agents over Netbios/SMB
  • When done, automatically stop, uninstall, and delete agents over Netbios/SMB
  • Pause, resume, and forcefully uninstall agents in an entire scan or on individual systems
  • Concurrently and securely receive results from hundreds or thousands of deployed agents over two-way-trusted SSL connection
  • Create Perl-compatible regular expressions (PCREs) for finding sensitive data at rest
  • Create reusable profiles for scans that include whitelisting or blacklisting directories and file extensions
  • Review findings and identify false positives
  • Export results as XML
  • Written in Perl with MySQL backend

Agent

  • Runs on Windows 2000 and later systems
  • Written in C with no .NET Framework requirements
  • Runs as a Windows Service at low priority so users do not see or feel it
  • Resumes automatically upon system reboot with no user interaction
  • Securely transmit results to web application at user-defined intervals over two-way-trusted SSL connection
  • Uses PCREs to identify sensitive data inside files
  • Performs additional checks on potential credit card numbers to reduce false positives

You can download OpenDLP v0.1 here:

OpenDLP-0.1.tar.bz2

Or read more here.

Posted in: Forensics, Hacking Tools, Privacy

Topic: Forensics, Hacking Tools, Privacy


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


New Malware Variants More Malicious Than ILOVEYOU Bug


So no big surprise here, malware is getting more malicious! It’s good to know though and it’s good that companies out there like Messagelabs, under the watchful eye of Symantec, are trying to measure what is going on in malware land.

The malware/worm landscape has always been a fast moving one and my guess is it’s only going to get faster as more of the World gets an Internet connection, a basic grasp of coding and a greed to scam money from people.

A decade after the Love Bug virus attacked millions of computers worldwide and put the Philippines in the IT world map in a negative way, computer security experts have noticed that today’s computer attacks are more malicious than the original computer security threat. In its April 2010 security report, Symantec said it has detected 36,208 unique strains of malware that were designed to carry out targeted attacks.

MessageLabs, which was acquired by Symantec later, was the first one to raise the alert on the Love Bug virus, which was designed to overwrite and destroy data. The virus came in the form of a message attachment when, once opened, sent itself to the addresses of the email recipient and spread on from there.

Ten years since Symantec Hosted Services, then MessageLabs, intercepted 13,000 copies of the virus in a single day on 4 May 2000, MessageLabs Intelligence said it now stops 1.5 million copies of malicious e-mails each day.

The latest is that the malware of today is more malicious than the infamous ILOVEYOU worm that broke out 10 years ago in the year 2000.

You can see the jump is scales though, from 13,000 in a day to 1.5 million in a day. I still tell people the reason we need such vast storage clouds and such fast Internet connections is because of only 2 things – porn and spam.

It seems the dynamics have changed too, the bad guys are no longer writing mass spreading spammy malware – but sending much more malicious and highly targeted viruses.

“Although mass mailing viruses like the Love Bug are rare today, cyber criminals’ techniques have evolved to more malicious, highly targeted attacks and they are motivated less by achievement and credibility than by financial gain and identity theft,” Symantec said in a statement. “On 4 May, 2000, 1 in 28 e-mails contained the Love Bug virus. By comparison, 1 in 287.2 e-mails contained a virus on 9 April 2010, the peak for April. In April 2010 overall, MessageLabs Intelligence intercepted 36,208 unique strains of malware.”

“The Love Bug was operating in the wake of the Melissa virus, a similarly destructive worm from the previous year,” said MessageLabs Intelligence senior analyst Paul Wood. “Back then, users were less savvy, regarding the dangers posed by suspicious e-mail attachments and e-mails from unknown senders. The general public was also less aware of issues such as spam and denial of service attacks.”

The April 2010 MessageLabs Intelligence Report also revealed that Rustock has surpassed Cutwail as the biggest botnet both in terms of the amount of spam it sends and the amount of active bots under its control.

Botnet dynamics have also shifted a bit with Cutwail being knocked off the top spot and replaced by Rustock.

Rustock was knocked back a while ago and the Next-gen botnets were touted to replace it along with Srizbi.

Source: Network World

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).