Archive | March, 2014

Security Vendor Trustwave Named In Target Suit

You might remember earlier in March, the Target CIO resigned due to the huge breach in December last year.

Now in an unprecedented move, the banks are suing Target’s security vendor – Trustwave. It’s a class-action suit accusing them of failing to detect the breach. It seems a bit of a stretch though; there’s no such thing as 100% security, as we all know, and holding the security vendor responsible in this case seems a little unfair.

Trustwave

Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target’s data breach, one of the largest on record.

Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which “failed to live up to its promises or to meet industry standards,” alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.

Plaintiffs Trustmark National Bank of New York and Green Bank of Houston claim Target and Trustwave failed to stop the theft of 40 million payment card details and 70 million other personal records.

The lawsuit, one of dozens filed against Target, illustrates the growing frustration of banks burdened with the costs of reissuing compromised cards and their willingness to pull in other companies viewed as culpable into legal battles.

Support agreements between companies and security vendors are often confidential, and it was not clear from the suit how the banks determined Trustwave was one of Target’s contractors.

A Trustwave spokeswoman said Tuesday via email the company doesn’t confirm its customers or comment on pending legal matters. Target also said it does not comment on pending litigation.


Everything factual seems to be legally shielded at the moment, as I would expect with any type of infosec related vendor. There will be NDAs in place and Trustwave have already stated that it’s against their policy to acknowledge who their clients are.

Also details about lawsuits don’t tend to come out until all parties are satisfied and the discussions are over.

The suit contends Target retained Trustwave to monitor its computer systems and ensure compliance with PCI-DSS, an industry security recommendation pushed by MasterCard and Visa to protect cardholder data from leaking.

Trustwave claims on its website to provide guidance to millions of businesses for compliance with PCI standards with testing and assessment teams.

Trustwave scanned Target’s network on Sept. 20, 2013 and told Target no vulnerabilities were found, the suit alleges.

Target has said it believed attackers stole the data between Nov. 27, 2013, and Dec. 15, 2013, via malicious software installed on point-of-sale devices.

The malware collected unencrypted payment card details after a card was swiped and briefly held in a computer’s memory, capitalizing on an unknown weakness despite years of efforts to harden payment systems.

U.S. banks have spent more than US$172 million reissuing cards, the suit said, citing figures from the Consumer Banker Association. The total cost of the breach to retailers and banks could exceed $18 billion, the suit claims.

The suit, which asks for a jury trial, seeks unspecified compensatory and statutory damages.

I don’t really think Trustwave is at fault here; from what I understand, they were simply conducting PCI compliance scans, which don’t cover any kind of deep, long-term attack like this.

They cover basic, off-the-shelf, non-zero-day vulnerabilities in software and web services. I think we’ll have to wait a little longer to get more details.

Source: Network World

Posted in: Legal Issues


Latest Posts:


Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Blackhash – Audit Passwords Without Hashes

A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to uncover weak passwords.

Password Hashes

However, there are many risks associated with traditional password audits. The password hashes may be lost or stolen from the security team. A rogue security team member may secretly make copies of the password hashes. How would anyone know? Basically, once the password hashes are given to the security team, the system manager must simply trust that the password hashes are handled and disposed of securely and that access to the hashes is not abused.

Blackhash works by building a bloom filter from the system password hashes. The system manager extracts the password hashes and then uses Blackhash to build the filter. The filter is saved to a file, then compressed and given to the security team. The filter is just a bitset that contains ones and zeros. It does not contain the password hashes or any other information about the users or the accounts from the system. It’s just a string of ones and zeros. You may view a Blackhash filter with a simple text editor. It will look similar to this:

00000100000001000100001

When the security team receives the filter, they use Blackhash to test it for known weak password hashes. If weak passwords are found, the security team creates a weak filter and sends that back to the system manager. Finally, the system manager tests the weak filter to identify individual users so that they can be contacted and asked to change passwords.

This enables you to audit passwords without actually giving out the hashes.
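The three-step exchange described above (the manager builds a filter from the hashes, the security team tests it against known weak hashes and returns a weak filter, the manager maps that weak filter back to accounts), written out as an added Python example. This is not Blackhash’s own code: it assumes unsalted MD5 hashes, a constructed three-account system and wordlist, and a bit-position count (K_HASHES) and minimum filter size (MIN_BITS) chosen here rather than taken from Blackhash’s file format.

```python
"""Bloom-filter password audit in the three-party shape the post describes.

Added example, not Blackhash's own code.  Assumes unsalted MD5 hashes, the
constructed accounts and wordlist below, and filter parameters chosen here.
"""
import hashlib
import math
from typing import Dict, List, Tuple

K_HASHES = 7       # assumed: bit positions set per item, shared by all parties
MIN_BITS = 4096    # assumed floor so tiny inputs still get a low false-positive rate


def md5_hex(password: str) -> str:
    """Unsalted MD5, standing in for any simple unsalted hash (LM, NT, MD5, SHA1)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class BloomFilter:
    """A bitset of m bits; membership means 'all k positions set'. Holds no item data."""

    def __init__(self, m_bits: int, k_hashes: int = K_HASHES) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = [0] * m_bits

    def _positions(self, item: str) -> List[int]:
        # Double hashing: k positions derived from two 64-bit halves of SHA-256.
        d = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1   # odd step so every position is reachable
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p] = 1

    def probably_contains(self, item: str) -> bool:
        # True may be a false positive; False is always correct.
        return all(self.bits[p] for p in self._positions(item))

    def serialize(self) -> str:
        # The only thing that leaves the system team: a string of ones and zeros.
        return "".join("1" if b else "0" for b in self.bits)

    @classmethod
    def deserialize(cls, text: str, k_hashes: int = K_HASHES) -> "BloomFilter":
        if not text or set(text) - {"0", "1"}:
            raise ValueError("filter must be a non-empty string of 0/1 characters")
        bf = cls(len(text), k_hashes)
        bf.bits = [1 if c == "1" else 0 for c in text]
        return bf


def make_filter(items: List[str]) -> BloomFilter:
    """Size m from the item count so the filter is about half full (~0.8% FP at k=7)."""
    n = max(1, len(items))
    m = max(MIN_BITS, math.ceil(n * K_HASHES / math.log(2)))
    bf = BloomFilter(m)
    for it in items:
        bf.add(it)
    return bf


# Step 1 (system manager): the hashes never leave; only the filter does.
SYSTEM_HASHES: Dict[str, str] = {        # constructed sample accounts
    "alice": md5_hex("password123"),
    "bob": md5_hex("c0rrect-h0rse-battery-staple"),
    "carol": md5_hex("letmein"),
}


def build_system_filter(user_hashes: Dict[str, str]) -> str:
    return make_filter(list(user_hashes.values())).serialize()


# Step 2 (security team): test candidate weak hashes, send back a weak filter.
WEAK_PASSWORDS = ["123456", "password123", "qwerty", "letmein", "admin"]  # constructed wordlist


def audit_filter(filter_text: str, wordlist: List[str]) -> Tuple[List[str], str]:
    system = BloomFilter.deserialize(filter_text)
    hits = [md5_hex(pw) for pw in wordlist if system.probably_contains(md5_hex(pw))]
    return hits, make_filter(hits).serialize()


# Step 3 (system manager): map the weak filter back to accounts.  A flagged
# account may be a Bloom false positive, which costs only an unneeded reset.
def identify_weak_users(weak_filter_text: str, user_hashes: Dict[str, str]) -> List[str]:
    weak = BloomFilter.deserialize(weak_filter_text)
    return sorted(u for u, h in user_hashes.items() if weak.probably_contains(h))


def run_audit(user_hashes: Dict[str, str], wordlist: List[str]) -> Tuple[List[str], List[str]]:
    """Whole round trip; returns (weak hashes the auditors matched, accounts to contact)."""
    hits, weak_filter = audit_filter(build_system_filter(user_hashes), wordlist)
    return hits, identify_weak_users(weak_filter, user_hashes)


if __name__ == "__main__":
    found, users = run_audit(SYSTEM_HASHES, WEAK_PASSWORDS)
    print(f"{len(found)} weak hashes matched; accounts to contact: {users}")
```

Neither filter carries usernames or hashes, so an auditor who loses the file leaks only a bitset; the price is the small false-positive rate the Cons list mentions, which here is bounded by keeping the filter at most about half full.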

Pros

  • Password hashes never leave the system team.
  • Works with any simple, unsalted hash: LM, NT, MD5, SHA1, etc.
  • Security auditors do not have to transmit, handle or safe-guard the password hashes.
  • Anonymizes the users. The filter contains no data about the users at all.

Cons

  • Slower than traditional password cracking methods.
  • More complex than traditional password cracking methods.
  • Bloom Filters may produce a few false positives (very few in this case).

You can download Blackhash here:

Source – Blackhash_0.2.tar.gz
Windows – bh.exe

Or read more here.

Posted in: Hacking Tools, Password Cracking


NSA Large Scale TURBINE Malware Also Target Sysadmins

So more revelations are coming out about the NSA from the latest batch of documents leaked by Edward Snowden.

This time they detail a huge malware infection system built for widespread infections; it seems fairly advanced, with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, there’s also some other interesting stuff like HAMMERSTEIN and HAMMERCHANT, designed to intercept and snoop on VoIP and VPN connections.

NSA Turbine Malware

The latest batch of top-secret intelligence documents from the hoard collected by NSA whistleblower Edward Snowden detail the massive increase in the agency’s use of its Tailored Access Operations (TAO) hacking unit – including a system dubbed TURBINE that can spam out millions of pieces of sophisticated malware at a time.

The presentation slides, published by The Intercept, show that 10 years ago the NSA had infiltrated and tapped a modest number of computers, but has since hugely bolstered its toolkit and increased its target list. Within eight years, the number of active pieces of implanted spyware was in the tens of thousands, and slides show an extensive arms catalog of malware for the TAO team to choose from.

“One of the greatest challenges for active SIGINT/attack is scale,” explained one presentation from 2009, marked top secret. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The solution was to build TURBINE, which can carry out “automated implants by groups instead of individually,” and scale to operate millions of implants at a time. This command-and-control server includes an “expert system” that automatically picks the right malware for a victim and installs it on their computer, thus “relieve the [TURBINE] user from needing to know/care about the details.”


It’s some interesting stuff, with discussions about scaling SIGINT attacks; there’s some pretty detailed analysis over here:

How the NSA Plans to Infect ‘Millions’ of Computers with Malware

Which includes decryption technology and plug-ins to grab web browsing logs, key strokes and record from the microphone.

TURBINE was active from at least July 2010, the documents state, and has infected up to 100,000 devices and machines, with more planned. According to the agency’s 2013 budget files, some of the $67.6m of taxpayer dollars allocated to the NSA’s TAO team went to maintaining and developing the system.

TURBINE also links into an NSA sensor system dubbed TURMOIL, which taps into computer networks around the world to monitor data traffic and identify potential targets. It can track down a mark from their email address or IP address, which device he or she is using, or by web cookies from Google, Microsoft, Twitter, Yahoo! and others.

While terrorist targets are mentioned, it’s clear from the documents that system administrators are also high on the to-do list for the TAO team. One comment on an internal NSA message board system was titled simply: “I hunt sys admins.”

“Sys admins are a means to an end,” it states. “Once you have control of the IT manager’s computer then it’s easy to monitor any “government official that happens to be using the network some admin takes care of.”

Pwning the sysadmin is useful for malware attacks against large commercial routers and to defeat VPNs. The documents detail two pieces of NSA-developed malware, HAMMERCHANT and HAMMERSTEIN, which are designed to sit on routers and eavesdrop on VoIP traffic, and grab encryption keys to decrypt supposedly secure VPN connections, all in real time.

Targeting sysadmins is a means to an end: if you can compromise them, you pretty much have access to everything, including core routers, switches, firewalls, VPN concentrators, etc.

Plus servers and more, if you can get hold of their SSH private keys or passwords via keylogging, file grabbing, etc.

Pretty hardcore stuff.

Source: The Register

Posted in: Malware, Privacy


ODA – Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.

ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client.

ODA - On-line Web Based Disassembler

You can use it for a variety of purposes such as:

  • Malware analysis
  • Vulnerability research
  • Visualizing the control flow of a group of instructions
  • Disassembling a few bytes of an exception handler that is going off into the weeds
  • Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  • Debugging an embedded systems device driver

You can check out the online disassembler here:

http://onlinedisassembler.com/odaweb/

Posted in: Exploits/Vulnerabilities, Secure Coding


Target CIO Beth Jacob Resigns After Huge Breach

So the latest news this week is that the Target CIO Beth Jacob has resigned; it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year.

To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would have been infiltrated with a similarly pervasive attack vector.

Beth Jacob - Target CIO

Target CIO Beth Jacob has apparently fallen on her sword in the wake of the massive security breach in mid-December that compromised 40 million debit and credit cards and swept national headlines. Her resignation was rendered this week effective immediately.

“If you look at the history of other large data breaches, turnover at the top of the IT shop is not unusual,” says retail IT consultant Cathy Hotka.

Target CEO Gregg Steinhafel says the retailer is now looking outside the company for a CIO to succeed Jacob and help overhaul its network security, according to the Wall Street Journal.

Ironically, Jacob, who has a sterling reputation among retail CIOs, was thought of as a great hire by Target in 2008, Hotka says.

Target’s security incident — from the sophisticated breach to Steinhafel penning a mea culpa open letter to Target customers to running apologetic ads in the Wall Street Journal and other major publications to Jacob’s resignation — is a watershed moment for retail CIOs. They are now faced with rethinking their data security strategy.

The kind of breach that occurred at Target was highly sophisticated. Hackers slipped their software into Target’s computer systems via credentials stolen from one of Target’s vendors, reported the Wall Street Journal. The software eventually made its way to checkout stations and began amassing credit card data.


Having worked in this industry for many years, it really comes as no surprise how lackadaisical corporate information security can be at times.

And this was a pretty slick multi-level attack coming in at first through a vendor’s access, and eventually landing on the POS terminals – as was the plan from the beginning I would imagine.

“The people who are responsible for these kinds of breaches are well-organized, criminal enterprises,” Hotka says. “If you went to go up to a bunch of retail CIOs and asked them, ‘Could this have happened to you?’ the answer would be, yes.”

CIOs are put in a tough position because they’re not given adequate security funding, Hotka says. She recalls five years ago when the CIO of apparel and home fashions retailer TJX Companies had asked for additional data security resources and didn’t get them. A massive security breach followed, compromising millions of credit card numbers. TJX Companies agreed to pay $40.9 million to resolve potential claims by banks.

Given the growing sophistication of attacks, retail CIOs must now reconsider whether or not managing the risk in-house is wise. As Jacob’s resignation shows, a retail CIO is culpable yet might not have the know-how or resources to protect the company.

So should retail CIOs outsource data security to the experts?

“I think at this stage it’s not unreasonable,” Hotka says.

There are a LOT of articles going around about this at the moment, many concerning who’s to blame: was it the CIO? Whose fault is it that engineers brought up that they felt there was a problem? And so on.

Could the CIO have prevented this? Perhaps if she was very technical and on the ground concerning security practice, but honestly there should be a CSO for that and it falls more under the remit of the CTO than the CIO in my eyes.

Source: Network World

Posted in: Exploits/Vulnerabilities, Legal Issues, Malware, Privacy


EyeWitness – A Rapid Web Application Triage Tool

EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

EyeWitness

The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilize default credentials, please e-mail him the source code of the index page and the default credentials so he can add them into EyeWitness. You can e-mail EyeWitness [@] christophertruncer [dot] com.

Inspiration came from Tim Tomes’s PeepingTom Script. The author just wanted to change some things, and then it became a thought exercise to write it again himself.

EyeWitness is designed to run on Kali Linux. It will auto-detect the file you give it with the -f flag as either a text file with one URL per line, nmap XML output, or nessus XML output. The -t (timeout) flag is completely optional, and lets you provide the maximum time to wait when trying to render and screenshot a web page. The --open flag, which is optional, will open the URL in a new tab within iceweasel.

Setup

Navigate into the setup directory and run the setup.sh script.

Usage

Examples

You can download EyeWitness here (Or clone the Github repo):

master.zip

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking
