Archive | June, 2010

Australians Propose ‘No Anti-virus – No Internet Connection’ Policy

Outsmart Malicious Hackers


So after a year of research and debate, what did the Aussies come up with? A policy to disconnect people from the Internet if they get infected by a virus..

Rather naive isn’t it? Plus if your ISP cuts you off, how exactly are you supposed to resolve the problem without a connection to do research and download updates/patches?

AUSTRALIANS would be forced to install anti-virus and firewall software on their computers before being allowed to connect to the internet under a new plan to fight cyber crime. And if their computer did get infected, internet service providers like Telstra and Optus could cut off their connection until the problem was resolved.

Those are two of the recommendations to come from a year-long inquiry into cyber crime by the House of Representatives Standing Committee on Communications. Results of the inquiry, titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime, were released last night in a 260-page report. In her foreword, committee chair Belinda Neal said cyber crime had turned into a “sophisticated underground economy”.

“In the past decade, cyber crime has grown from the nuisance of the cyber smart hacker into an organised transnational crime committed for vast profit and often with devastating consequences for its victims,” Ms Neal said.

Also if they push to make software developers legally responsible for flaws in their software I think the Aussie market is going to miss out on a lot of software that’s being sold elsewhere. Who’s going to want to sell software when a 0-day exploit in your software opens you up to direct claims from the consumers using your software?

I applaud what they are doing, because consumer education and Government action is required for a country to increase its level of information security and reduce the cases of phishing and fraud.

During its inquiry the committee heard a growing number of Australians were being targeted by cyber criminals and that increasing internet speeds were likely to make the situation worse. It also heard the problem was costing Australian businesses as much as $649 million a year.

The committee looked at several different examples of cyber crime, including hacking, phishing, malware and botnets. Among its final 34 recommendations were:

  • The creation of an around-the-clock cyber crime helpline.
  • Changes to the law to make unauthorised installation of software illegal.
  • Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers.

Another of its recommendations was to create a new “e-security code of practice” that would define the responsibilities of internet service providers and their customers.

There’s no realistic way that the ISPs can monitor the level of security on consumers computers, Microsoft is already pushing this hard with its ‘Action Center’ that warns users if they have disabled the firewall, don’t have anti-virus software installed or have not configured Windows Update.

Either way I don’t think consumers and software producers will be very happy if the government do actually implement this policy.

Source: News.com.au

Posted in: Legal Issues, Malware, Privacy

Topic: Legal Issues, Malware, Privacy


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)

Outsmart Malicious Hackers


The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. This lack of tools makes the barrier to entry very high and discourages adoption of these protocols by the community. It’s our goal to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents. Tools for parsing SCAP documents and querying content must be created to achieve this. This requires common set of interfaces to be defined and implemented to meet this need. It is the intent of this project to provide these interfaces and functional examples that would allow others in the open-source and vendor communities to make use of SCAP while minimizing the effort needed to gain value from it.

You can download OpenSCAP here:

openscap-0.5.11.tar.gz

Or read more here.

Posted in: Countermeasures, Legal Issues, Security Software

Topic: Countermeasures, Legal Issues, Security Software


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Windows Help Vulnerability Exploited In The Wild

Outsmart Malicious Hackers


So the other big news this week apart from the AT&T iPad/iPhone 4 screw-up is that a recently announced critical vulnerability in Windows XP is being exploited in the wild.

It was disclosed fairly recently and is a vulnerability in the Windows XP help system disclosed by Tavis Ormandy, a Google researcher who has appeared on this site quite a number of times.

It’s dangerous because a victim can be compromised completely (including remote code execution) just by visiting a malicious web page.

Five days after it was disclosed in a highly controversial advisory, a critical vulnerability in Microsoft’s Windows XP operating system is being exploited by criminal hackers, researchers from anti-virus provider Sophos said on Tuesday.

The flaw in the Windows Help and Support Center was disclosed on Thursday by researcher Tavis Ormandy. His public advisory came just five days after he privately informed Microsoft of the defect, prompting fierce criticism from some circles that he hadn’t given the software giant adequate time to fix the hole. That made it easier for attackers to target the bug, which allows attackers to take complete control of vulnerable machines when a user views a specially designed webpage, the critics howled.

According to Sophos, researchers have seen the first case of a website using the vulnerability to install malicious software on victim machines. “This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability,” they warned.

Well there’s some discussion on the issue going on about responsible disclosure with people saying Tavis made the advisory public too quickly after informing Microsoft. It’s a fair comment considering Microsoft and it’s Patch Tuesday policy which limits the speed in which they can push patches out.

We all know how often Microsoft pushes out-of-bound patches out, very rarely if at all.

Add the fact that Windows XP is coming to the end of it’s life-cycle soon, it’s unlikely they are going to be scrambling to get a patch out.

Microsoft soon amended its own advisory on the vulnerability to say researchers are “aware of limited, targeted active attacks that use this exploit code.” Although the vulnerability also afflicts Windows Server 2003, Microsoft’s advisory said that OS wasn’t “currently at risk from these attacks.”

Ormandy’s advisory has reignited the age-old debate over full disclosure, in which researchers publish complete details of a vulnerability under the belief that it is the best way to ensure a company fixes it quickly. Ormandy has defended his decision to give Microsoft just five days of advanced warning saying in a recent tweet: “I’m getting pretty tired of all the ‘5 days’ hate mail. Those five days were spent trying to negotiate a fix within 60 days.”

Users of XP and Server 2003 should consider disabling features within Help Center that allow administrators to remotely log onto machines.

Oh well, the debates about disclosure will rage on I guess, either way it’s out there now and it’s being exploited in the wild – so as of now it’s a real risk.

For individual users you can use the online application from Microsoft here:

Vulnerability in Help Center could allow remote code execution

Source: The Register

Posted in: Exploits/Vulnerabilities, Windows Hacking

Topic: Exploits/Vulnerabilities, Windows Hacking


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks

Outsmart Malicious Hackers


raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by “dd”, using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format.

It could be an interesting tool for doing forensics examinations on compromised boxes when all you have is a dd dump of the drive to work on, it allows you to easily mount the disk in your favourite virtualization platform and get to work doing some forensic analysis.

It analyzes the raw image and creates an appropriately formatted “.vmdk” file that can be used to mount the image right away.

raw2vmdk is written in Java and is designed to be OS independent, simple and flexible. It creates an appropriately structured VMDK file that refers to the raw image, which can then be mounted by VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format, as if it were an actual virtual drive. Thus preserving space and allowing for very fast deployment.

It is extremely simple to use and provides the required results in seconds. This is a new tool, so if you have any feedback please do leave it in the comments below or contact the author directly.

You can download raw2vmdk here:

raw2vmdk-0.1.1.tar.gz

*EDIT* 18/6/2010

keydet89 on Twitter asked about the difference between this tool and LiveView so I asked the author and here’s his reply:

Actually I’m using a couple of their classes to get the disk geometry details needed for the vmdk file. I acknowledge that in my blog and the AUTHORS file.

You see I needed to boot a 74GB pfSense raw image for analysis and “qemu-img convert” is too slow for that kind of thing. Then I came across LiveView, I reviewed the code and manually replicated the process of creating a suitable vmdk file in order to boot the image using VMware.

After I was done my first plan was to port LiveView to *nix, but after a chat with the maintainer and a more detailed review of the LiveView code it proved to be too time consuming. So I decided to automate the manual process I followed and because there’s no need to reinvent the wheel I reused the classes LiveView is using to get the disk geometry.

LiveView is a good tool but very tightly coupled with MS Windows and can’t work from the command line. I needed something OS independent and easy to incorporate into scripts, mainly because I don’t use Windows. Plus, in the code it seemed that LiveView is actually manipulating the VMware ESX, I didn’t much care for that.

I think it’s best to just create the required .vmdk file to allow someone to boot/mount the drive they need and just get the hell out of their way. So overnight I had raw2vmdk ready and you know the rest. :)

You can read more about raw2vmdk at his blog here:

Zapotek’s train of thought…

Or read more here.

Posted in: Forensics, Security Software

Topic: Forensics, Security Software


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


iPhone 4 Pre-Order System Exposes Customer Data

Outsmart Malicious Hackers


The big talk over the past weekend was about this, the AT&T system for recording pre-sales records for the new Apple iPad exposed account information. I didn’t think it was a big deal until they did something similar again today with the iPhone 4…the second time in one week – that must be some kind of record?

It seems that people logging in where often greeted by someone else’s details, most likely the system got overloaded and that led to some funky linking of unsychronised database servers. Despite all the problems however AT&T sold out on launch-day! The busiest day in AT&T history so they claim.

Preordering for Apple’s iPhone 4 got off to a rocky start on Tuesday, with long lines, system outages, and an AT&T server that exposed sensitive account information for existing users of the must-have mobile device.

For the second time in less than a week, Gizmodo reported, AT&T was caught exposing private information belonging to Apple customers. The breach came when existing iPhone owners placed advanced orders for the newest iPhone, which is scheduled to go on sale on June 24. After entering their account credentials, certain customers were logged in to accounts belonging to other users, potentially exposing the names, addresses, and phone logs of an unknown number of people, the website said.

The privacy snafu follows a report last week that email addresses for more than 114,000 early adopters of Apple’s iPad were exposed by an overly generous application on AT&T’s website. As a result, email addresses for some of the rich and powerful — including New York Times Co. CEO Janet Robinson, ABC Newswoman Diane Sawyer, film mogul Harvey Weinstein, and New York Mayor Michael Bloomberg — were shared with world+dog.

This story was published today by Gizmodo who has been sharing e-mails their readers have sent in showing the wrong data after logging in.

By the looks of things it’s not slowing down orders or stopping anyone from putting their details in the system, so I hope AT&T does something to rectify it soon.

AT&T representatives didn’t respond to an email seeking comment. Gizmodo shared emails sent by five readers who all recounted the same error.

“I logged in to Att.com in the pre-order frenzy,” a reader named Ethan wrote in one. “I was immediately greeted by someone elses personal information.” Gizmodo included multiple screen shots the publication said belonged to people other than the person who logged in.

Tuesday’s breach came as numerous people reported being unable to complete iPhone 4 preorders. Many who tried to order online received a message reading “There was an error processing your request. Please try again later.” Many customers who tried to order in person were greeted by long lines.

Despite the difficulty, AT&T sold out of launch-day preorders several hours later, with AT&T telling Engadget it “was the busiest online sales day in AT&T history.”

The paranoid amongst us may indeed think there is some mass scale fraud going on and perhaps someone has compromised the AT&T customer records system and is billing other people for iPhones they are taking delivery of.

Well if that’s happening I’m sure the news will come out soon enough unless AT&T manages to sweep it under the carpet.

Either way, if you’re an AT&T customer..I’d be careful if I were you.

Source: The Register

Posted in: Apple, Exploits/Vulnerabilities, Privacy

Topic: Apple, Exploits/Vulnerabilities, Privacy


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


Onapsis Bizploit – ERP Penetration Testing Framework

Outsmart Malicious Hackers


Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.

Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.

The term “ERP Security” has been so far understood by most of the IT Security and Auditing industries as a synonym of “Segregation of Duties”. While this aspect is absolutely important for the overall security of the Organization’s core business platforms, there are many other threats that are still overlooked and imply much higher levels of risk. Onapsis Bizploit is designed as an academic proof-of-concept that will help the general community to illustrate and understand this kind of risks.

Currently Onapsis Bizploit provides all the features available in the sapyto GPL project, plus several new plugins and connectors focused in the security of SAP business platforms. Updates for other popular ERPs are to be released in the short term.

You can download Bizploit here:

Bizploit v1.00-rc1 for Windows
Bizploit v1.00-rc1 for Linux

Or read more here.

Posted in: Database Hacking, Security Software

Topic: Database Hacking, Security Software


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.