Jeremiah Grossman, CTO of WhiteHat Security, explains in this video the difference between web application security and network-level security, as well as the security assessment process. He also talks about his experience as security lead at Yahoo!
[SANS Institute] Windows Animated Cursor Handling vulnerability. Microsoft has announced a vulnerability in the handling of animated mouse cursors. It affects Windows 2000 SP4, Windows XP SP2, Windows 2003 SP1 and Windows Vista.
Affected are Win2k SP4, XP SP2, Server 2003 and Vista. While Animated cursors are usually downloaded as .ani files, blocking these files is not sufficient to mitigate the vulnerability. We have received reports of this vulnerability being exploited in the wild using files renamed to jpeg.
Mitigation:
Microsoft is reporting that users of Internet Explorer 7 with Protected Mode are protected from active exploitation. Note that this does not apply to Outlook!
E-mails opened in plaintext will not show embedded ANI files. Note that HTML attachments can still be interpreted when separately clicked upon. [Thunderbird | Outlook & 2.0]
Anti-virus detection is very spotty. We've tested some of the exploits and they were detected by Windows Live OneCare 1.2306 and McAfee 4995. One specific file was also discovered by a product triggering on a signature written for MS05-002, a similar vulnerability from 2005. This will not apply to most exploits in the wild.
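The diary's point is that filtering on the .ani extension is useless once the file is renamed. The check below is an added example (it is not from the SANS diary and not a SANS tool): it recognises an animated cursor by its RIFF/ACON signature whatever the name, walks the chunks, and flags any anih chunk whose declared length is not the 36 bytes of the ANIHEADER structure. That 36-byte expectation and the "second oversized anih chunk" shape of the malicious files come from the public analyses of MS07-017, not from the text above; the sample blobs are constructed here, not real cursors.

```python
import struct

ANIHEADER_SIZE = 36  # sizeof(ANIHEADER): nine 32-bit fields (from the MS07-017 analyses, not the diary)


def is_ani(data: bytes) -> bool:
    """A RIFF container whose form type is ACON is an animated cursor, whatever the file is called."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"


def iter_chunks(data: bytes, start: int, end: int):
    """Walk RIFF chunks in data[start:end], descending into LIST chunks; tolerant of truncation."""
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        declared = struct.unpack_from("<I", data, pos + 4)[0]
        body_start = pos + 8
        body_end = min(body_start + declared, end)   # never trust the declared size for slicing
        if fourcc == b"LIST":
            yield from iter_chunks(data, body_start + 4, body_end)  # skip the 4-byte list type
        else:
            yield fourcc, declared, data[body_start:body_end]
        pos = body_start + declared + (declared & 1)  # chunks are padded to even length


def check_ani(data: bytes):
    """(is_ani, findings): findings name every anih chunk whose declared size is not ANIHEADER_SIZE."""
    if not is_ani(data):
        return False, []
    findings = []
    for n, (fourcc, declared, _body) in enumerate(iter_chunks(data, 12, len(data))):
        if fourcc == b"anih" and declared != ANIHEADER_SIZE:
            findings.append(f"anih #{n}: declared size {declared}, expected {ANIHEADER_SIZE}")
    return True, findings


# Constructed samples (not real cursor files)
def riff_chunk(fourcc: bytes, body: bytes) -> bytes:
    return fourcc + struct.pack("<I", len(body)) + body + (b"\0" if len(body) & 1 else b"")


def riff_file(form: bytes, payload: bytes) -> bytes:
    return b"RIFF" + struct.pack("<I", 4 + len(payload)) + form + payload


GOOD_ANI = riff_file(b"ACON", riff_chunk(b"anih", b"\0" * ANIHEADER_SIZE))
# a valid anih followed by a second one with an oversized declared length: the MS07-017 trigger shape
BAD_ANI = riff_file(b"ACON", riff_chunk(b"anih", b"\0" * ANIHEADER_SIZE) + riff_chunk(b"anih", b"A" * 64))
JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 20  # a real JPEG header, to show the name is irrelevant

if __name__ == "__main__":
    for name, blob in (("cursor.ani", GOOD_ANI), ("picture.jpeg", BAD_ANI), ("photo.jpeg", JPEG)):
        print(name, check_ani(blob))
```

Run it over a mail or proxy quarantine directory: a file called picture.jpeg that comes back as an ANI with an oversized anih is exactly the case the diary says extension filters miss. The walker also copes with truncated files, because a hostile sample may declare a chunk length far beyond the bytes actually present.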
RegLookup is a tool for Unix systems that gives read-only access to the registry of Windows NT, 2000 and XP systems.
RegLookup is a small command line utility for reading and querying Windows NT/2K/XP registries. RegLookup is released under the GNU GPL, and is implemented in ANSI C,
(..)
Currently the program allows one to read an entire registry and output it in a (mostly) standardized, quoted format. It also provides features for filtering of results based on registry path and data type.
[FCW] VA gives thumbs down to thumb drives. US agencies are starting to regulate the use of USB memory sticks and, in general, any mobile device that can carry off large amounts of information.
A number of agencies say they are abandoning a culture in which almost everyone could take information out of the office on a mobile device and are creating a new culture in which people must justify taking any data off the network, where it is relatively secure.
The VA plans to institute a policy, beginning in April, that will require employees to use only approved thumb drives that hold no more than 2G of data and meet the National Institute of Standards and Technology’s Federal Information Processing Standard 140-2 for encrypting data.
«The FIN Bit», a magazine devoted to Wireshark (formerly Ethereal), WinPcap and related tools for analysing traffic on communication networks.
The first issue will be published during the second quarter of this year.
This paper suggests that administrators form a new way of conceptualizing evidence collection across an intranet based on a model consisting of linked audit logs. This methodology enables the establishment of a chain of evidence that is especially useful across a corporate intranet environment. Administrators are encouraged to plan event configuration such that audit logs provide complementary information across the intranet. Critical factors that determine the quality of evidence are also discussed and some limitations of the model are highlighted.
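As an added illustration of the linked-log idea (this is not the paper's method or code), the block below follows one proxy request across three logs kept on three different hosts: the proxy log gives an IP address, the DHCP server's lease log turns that IP into a MAC address for that instant, and a logon log turns the MAC into a user and workstation. The log lines and formats are constructed for the example; the point is that each link is only as good as the log that supplies it, so the result reports an open chain rather than guessing.

```python
from datetime import datetime

# Constructed sample logs (illustration only; not from the paper). Three hosts, three formats.
PROXY_LOG = """\
2007-03-30T10:15:02 10.1.2.77 GET http://example.org/ftp/secret.zip 200
2007-03-30T10:16:40 10.1.2.91 GET http://example.org/ 200
2007-03-30T14:00:00 10.1.2.77 GET http://example.org/ftp/secret.zip 200
"""
DHCP_LOG = """\
2007-03-29T08:00:00 lease 10.1.2.77 00:16:d3:aa:bb:03 expires 2007-03-29T12:00:00
2007-03-30T08:00:00 lease 10.1.2.77 00:16:d3:aa:bb:01 expires 2007-03-30T12:00:00
2007-03-30T09:30:00 lease 10.1.2.91 00:16:d3:aa:bb:02 expires 2007-03-30T13:30:00
"""
AUTH_LOG = """\
2007-03-30T08:05:12 logon user=jdoe host=WS-0417 mac=00:16:d3:aa:bb:01
2007-03-30T09:32:40 logon user=asmith host=WS-0522 mac=00:16:d3:aa:bb:02
"""


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def parse_proxy(text: str) -> list:
    recs = []
    for line in text.splitlines():
        ts, ip, _method, url, status = line.split()
        recs.append({"time": _t(ts), "ip": ip, "url": url, "status": int(status)})
    return recs


def parse_dhcp(text: str) -> list:
    recs = []
    for line in text.splitlines():
        ts, _, ip, mac, _, expires = line.split()
        recs.append({"start": _t(ts), "end": _t(expires), "ip": ip, "mac": mac})
    return recs


def parse_auth(text: str) -> list:
    recs = []
    for line in text.splitlines():
        ts, _event, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["time"] = _t(ts)
        recs.append(rec)
    return recs


def mac_for(ip: str, when: datetime, leases: list):
    """MAC that held `ip` at `when`. Exactly one lease must cover the instant: none is a gap
    in the chain, more than one means the logs contradict each other; neither is evidence."""
    covering = [l for l in leases if l["ip"] == ip and l["start"] <= when <= l["end"]]
    return covering[0]["mac"] if len(covering) == 1 else None


def user_for(mac: str, when: datetime, logons: list):
    """Most recent logon recorded for that MAC before `when` (None if there is none)."""
    prior = [l for l in logons if l["mac"] == mac and l["time"] <= when]
    return max(prior, key=lambda l: l["time"]) if prior else None


def evidence_chain(url_fragment: str, proxy: list, leases: list, logons: list) -> list:
    """Proxy request -> DHCP lease -> logon, one link per log. Each result says whether the
    chain closed; an open chain is reported as such, never silently filled in."""
    out = []
    for req in proxy:
        if url_fragment not in req["url"]:
            continue
        mac = mac_for(req["ip"], req["time"], leases)
        logon = user_for(mac, req["time"], logons) if mac else None
        out.append({
            "time": req["time"].isoformat(),
            "ip": req["ip"],
            "mac": mac,
            "user": logon["user"] if logon else None,
            "host": logon["host"] if logon else None,
            "complete": logon is not None,
        })
    return out


def demo() -> list:
    return evidence_chain("secret.zip", parse_proxy(PROXY_LOG), parse_dhcp(DHCP_LOG), parse_auth(AUTH_LOG))


if __name__ == "__main__":
    for link in demo():
        print(link)
```

The second request in the sample falls after the lease expired, so the chain stops at the IP address: that is the "quality of evidence" caveat in the abstract made concrete. The whole construction also assumes the three hosts agree on the time; a clock skew larger than the gap between two leases would attribute the request to the wrong person without any error being visible.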
Founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on the architecture of Greg Hoglund's rootkit.com, OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums, articles and more.
Behind France and Germany... and Madrid is the European city with the most bot-infected computers.
Madrid, Spain had the most bot-infected computers of any city in the EMEA region during the second half of 2006, accounting for six percent of the total.
(...)
Madrid, Spain had the most bot-infected computers of any city in the EMEA region during the last half of 2006, accounting for six percent of the total (table 4). Bot-infected computers are commonly used to relay spam. Madrid ranked number one for spam zombies in EMEA, accounting for six percent of the world's total.[17] Spain has traditionally been a hotbed for spammers. Therefore, it is reasonable to conclude that bot-infected computers in Madrid are commonly being used to relay spam. With the prominence of bot-infected computers there, it is likely that it will continue to be a hotbed for spammers until ISPs in Spain develop more effective methods of controlling bot networks.
The OLPC (One Laptop per Child) is one of the most interesting projects of recent years, both from the social and from the technological point of view.
They have just published their security model, which departs from the standards commonly used in the Unix world, and are asking the security community to review it:
System security on the One Laptop per Child's XO laptop: The Bitfrost security platform
The 1971 version of UNIX supported the following security permissions on user files:
non-owner can change file (write)
non-owner can read file
owner can change file (write)
owner can read file
file can be executed
file is set-uid
These permissions should
(...)
We have set out to create a system that is both drastically more secure and provides drastically more usable security than any mainstream system currently on the market. One result of the dedication to usability is that there is only one protection provided by the Bitfrost platform that requires user response, and even then, it's a simple 'yes or no' question understandable even by young children. The remainder of the security is provided behind the scenes. But pushing the envelope on both security and usability is a tall order, and as we state in the concluding chapter of this document, we have neither tried to create, nor do we believe we have created, a "perfectly secure" system. Notions of perfect security are foolish, and we distance ourselves up front from any such claims.
I sincerely believe this new security model will quickly spread from the OLPC to other systems, especially those intended for end users. That makes this reading all the more interesting.
XSSSHELL (MD5SUM:- 0947babc5801dabce902869a44f85048) XSS Shell is a powerful XSS backdoor. XSS Shell allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application. Demonstrates the real power and damage of Cross-site Scripting attacks.
Download Here
ICMPENUM (MD5SUM:- 4bb81d349b6b45e78cafab32c38955e3) Host enumeration is the act of determining the IP address of potential targets on a network. This can be done in both layer 2 and layer 3. Icmpenum sends ICMP traffic for such enumeration. The ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
Download Here
SYNSCAN (MD5SUM:- b704c17689a8c75a49722d54eb43f260) Another aspect of host enumeration is determining which TCP ports are in an OPEN state, that is to say TCP ports which respond to a SYN packet with both the SYN and ACK flags set (SYN-ACK). Synscan is impressively fast at determining this via the use of two processes, one to send the SYN packets and one to listen for the responses. NB: start with low settings at first, as it can impact systems if it is run too fast. The portparse utility is also a useful little tool!
Download Here
ONESIXTYONE (MD5SUM:- 79a231d09c02c65105a00ece992b18f7) This is an updated version of the well known onesixtyone SNMP bruteforce tool. Onesixtyone is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses, trying different community strings and waiting for replies. This version fixes a number of bugs in other publicly available versions of the software, such as allowing for very large dictionary files and reading target IP addresses from a file.
Download Here
APACHE_USERS (MD5SUM:- 2fb2e8c2432bc6255387848b29d15e27) Apache username enumerator, via /~username requests. This script uses a list of common system names like root, admin etc. You should manually check the issue first to establish the HTTP return code (e.g. 403), as it is needed on the command line. No native SSL support.
Download Here
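The description asks you to work out the "existing user" status code by hand and pass it on the command line. The added example below (written for this page, not the apache_users script) measures the baseline instead: it requests /~<random name>/ to learn what the server says for a user that cannot exist, and reports every listed name whose answer differs. It ships with a tiny stand-in for mod_userdir (constructed: 403 for an account without public_html, 404 for an unknown user) so it runs offline; against a real host you pass the site's base URL, and because urllib speaks HTTPS the "no native SSL support" limitation does not apply.

```python
import http.server
import secrets
import threading
import urllib.error
import urllib.request


def status_of(url: str) -> int:
    """HTTP status for a GET; 4xx/5xx come back as the code rather than as an exception."""
    req = urllib.request.Request(url, headers={"User-Agent": "userdir-check"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def baseline(base: str) -> int:
    """Status for a user that cannot exist: the server's 'no such user' signature.
    Measured rather than hard-coded, so a server that answers 404 (or 200 from a
    catch-all page) instead of 403 does not turn the whole word list into hits."""
    return status_of(f"{base}/~{secrets.token_hex(8)}/")


def enumerate_users(base: str, names, nonexistent_code=None) -> dict:
    """Names whose /~name/ answer differs from the baseline, with the status observed."""
    if nonexistent_code is None:
        nonexistent_code = baseline(base)
    hits = {}
    for name in names:
        code = status_of(f"{base}/~{name}/")
        if code != nonexistent_code:
            hits[name] = code
    return hits


class _DemoUserdir(http.server.BaseHTTPRequestHandler):
    """Stand-in for mod_userdir (constructed): 403 for an existing account with no
    public_html, 404 for an unknown user. The account list is made up."""
    ACCOUNTS = {"root", "admin", "www-data"}

    def do_GET(self):
        name = self.path.strip("/").lstrip("~").split("/")[0]
        self.send_response(403 if name in self.ACCOUNTS else 404)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo server quiet


def start_demo_server() -> str:
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _DemoUserdir)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_address[1]}"


def demo(names=("root", "admin", "nobody_here", "www-data")) -> dict:
    """Run the enumerator against the local stand-in server."""
    return enumerate_users(start_demo_server(), names)


if __name__ == "__main__":
    print(demo())  # {'root': 403, 'admin': 403, 'www-data': 403}
```

The distinguishing signal is the one the original script relies on: mod_userdir answers differently for an account that exists but has no public_html (typically 403) than for a name that is not an account at all (404). Sampling the baseline also catches the case where the server has UserDir disabled and every name answers alike, in which case the result is empty rather than a false list of users.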
ENUM4LINUX (MD5SUM:- 5e28652f9fa7db9f9a25c4efd68a163d) Simple shell script which attempts to use RID cycling to extract a list of users from Windows (or Samba) hosts which have RestrictAnonymous set to 1 (Windows NT and 2000), or "Network access: Allow anonymous SID/Name translation" enabled (XP, 2003). Dependency info: you will need to have the smbclient package installed, as this script is basically just a wrapper around rpcclient (to do the RID cycling) and nmblookup (to grab the workgroup/domain).
Download Here
IPSORT (MD5SUM:- c640f49174bb5e9637080f5b4c553dfa) Ipsort's a very handy little utility that sorts a list of IPs on STDIN to STDOUT. This means any file filled with IP addresses that needs sorting can be passed to it on the command line and it will sort and order them for you. This utility is extremely versatile and exceptionally useful.
Download Here
FUZZLED (MD5SUM:- 4d71849c1f07e89ae4289ac6557e4693) Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces and factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
Download Here
A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems.
That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web sites, said Jikto creator Billy Hoffman, a researcher at Web security firm SPI Dynamics. Hoffman, who developed the tool as a way to advance Web security, plans to release Jikto publicly later this week at the ShmooCon hacker event in Washington, D.C.
Jikto is a Web application vulnerability scanner. It can silently crawl and audit public Web sites, and then send the results to a third party, Hoffman said. Jikto can be embedded into an attacker's Web site or injected into trusted sites by exploiting a common Web security hole known as a cross-site scripting flaw, he said.
A common question that people ask is "I have model ABC wireless card, is it compatible with Aircrack-ng?" or "What card should I buy?" or "Can my card do injection?" and so on. This tutorial addresses these questions.
[Via BoingBoing] The online service «The Well» has turned down Kevin Mitnick's membership application... the irony is that «The Well» was one of the systems Mitnick used before his arrest in 1995 (read more about it in «Takedown» and «The Fugitive Game»).
Snip:
From: The WELL Help Desk
Date: Mar 2, 2007 11:36 AM
Subject: Your registration for membership in The WELL
To: mitnick@...
We have decided not to offer you membership in The WELL. Your payment will be refunded, and your application is denied.
You always learn something reading here and there. Until now I had never bothered to find out that the checks you so often see on web pages, the ones meant to stop spammers' automated attacks, have a name and, moreover, are not always effective.
These images are called captchas (Completely Automated Public Turing test to Tell Computers and Humans Apart).
Have you ever been asked, in order to use an online service, to type in the letters and digits shown in an image? That is a "captcha", a defence against the bot programs that fill blogs with junk mail, rig polls or create free accounts for illicit purposes. It lets the service know that we are human, and sometimes it fails precisely because we are human.
Well, once again spammers show that there is always some way to get around these checks
The most common tool against these bots is still the "captcha" and, aware of this, the criminals fight back: "At first they paid people to solve them, but it was not worth it. Now they use optical character recognition (OCR), the technology used in scanners".
(...)
Alternative "captcha" formulas are appearing, such as asking the user to solve a simple sum, showing several images and asking something about them (which person is blonde?) or solving a puzzle. But even if they manage to fool the bots, old and new "captchas" suffer from one big problem: not everyone can solve them.
The only IDS I know of that uses this standard format is Prelude
Prelude is a hybrid IDS framework, that is, it is a product that enables all available security applications, be they open source or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, which enables different kinds of sensors to generate events using a unified language.
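To make the "unified language" concrete, the added example below (written for this page; it is neither Prelude's code nor a Prelude sensor) turns one Snort alert_fast line into an IDMEF-Message using the element names, order and namespace of RFC 4765, then reads the document back the way a correlator would. The Snort line and its rule id are constructed; the year is supplied by the caller because alert_fast omits it, and the timestamps are assumed to be UTC.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"          # namespace from RFC 4765
NTP_EPOCH_OFFSET = 2208988800                # seconds from 1900-01-01 to 1970-01-01

# Constructed Snort 'alert_fast' line (not a real capture); the sid and message are made up.
SAMPLE_FAST = ("03/30-10:15:02.123456  [**] [1:1000001:2] LOCAL userdir probe [**] "
               "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
               "10.1.2.77:3341 -> 192.0.2.10:80")

_FAST = re.compile(
    r"(?P<md>\d\d/\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.(?P<us>\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)")


def parse_fast(line: str, year: int) -> dict:
    """alert_fast carries no year, so the caller supplies it (assumption: the sensor logs in UTC)."""
    m = _FAST.match(line)
    if not m:
        raise ValueError("not an alert_fast line")
    d = m.groupdict()
    d["time"] = datetime.strptime(f"{year}/{d['md']} {d['hms']}.{d['us']}",
                                  "%Y/%m/%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
    return d


def ntpstamp(when: datetime) -> str:
    """IDMEF ntpstamp attribute: '0x<NTP seconds>.0x<32-bit binary fraction>'."""
    secs = int(when.timestamp()) + NTP_EPOCH_OFFSET
    frac = (when.microsecond << 32) // 1_000_000
    return f"0x{secs:08x}.0x{frac:08x}"


def to_idmef(alert: dict, analyzer_id: str, message_id: str) -> bytes:
    """Serialise one parsed alert as an IDMEF-Message, children in the order RFC 4765 fixes."""
    q = lambda tag: f"{{{IDMEF_NS}}}{tag}"
    ET.register_namespace("idmef", IDMEF_NS)
    msg = ET.Element(q("IDMEF-Message"), version="1.0")
    a = ET.SubElement(msg, q("Alert"), messageid=message_id)
    ET.SubElement(a, q("Analyzer"), analyzerid=analyzer_id, name="snort")
    ct = ET.SubElement(a, q("CreateTime"), ntpstamp=ntpstamp(alert["time"]))
    ct.text = alert["time"].isoformat()
    for role, ip, port in (("Source", alert["src"], alert["sport"]),
                           ("Target", alert["dst"], alert["dport"])):
        endpoint = ET.SubElement(a, q(role))
        addr = ET.SubElement(ET.SubElement(endpoint, q("Node")), q("Address"), category="ipv4-addr")
        ET.SubElement(addr, q("address")).text = ip
        svc = ET.SubElement(endpoint, q("Service"))
        ET.SubElement(svc, q("port")).text = port
        ET.SubElement(svc, q("protocol")).text = alert["proto"].lower()
    ET.SubElement(a, q("Classification"), text=alert["msg"])
    extra = ET.SubElement(a, q("AdditionalData"), type="string", meaning="snort-rule")
    ET.SubElement(extra, q("string")).text = f"{alert['gid']}:{alert['sid']}:{alert['rev']}"
    return ET.tostring(msg, encoding="utf-8", xml_declaration=True)


def summarize(idmef: bytes) -> dict:
    """Read back the fields a correlator keys on; failing here means the XML is not well-formed."""
    root = ET.fromstring(idmef)
    ns = {"i": IDMEF_NS}
    return {
        "classification": root.find(".//i:Classification", ns).get("text"),
        "source": root.find(".//i:Source/i:Node/i:Address/i:address", ns).text,
        "target": root.find(".//i:Target/i:Node/i:Address/i:address", ns).text,
        "rule": root.find(".//i:AdditionalData/i:string", ns).text,
    }


if __name__ == "__main__":
    print(to_idmef(parse_fast(SAMPLE_FAST, 2007), "sensor-dmz-1", "1").decode())
```

The value of the format shows up on the receiving side: once a Snort sensor, a host IDS and a commercial appliance all emit Source/Target/Classification in the same shape, a manager can correlate on address and time without per-product parsers. Keep the sensor-specific detail (here the Snort rule id) in AdditionalData rather than inventing new elements, so the document still validates against the standard.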
How can a single researcher, working in his spare time, find what countless professional software testing people, working full time for the largest software companies in the world, can't find? The secret lies within a methodology called "black box testing," a term that is known in technical circles as "fuzzing".
Fuzzing is a concept that, until recently, has mostly been used on the wrong side of the fence. Fuzzing is a testing technique that automates the search for security vulnerabilities in software without having access to the source code of the application. The lack of source code and other design information is why this testing method is called "black box" testing. It's like looking at a black, opaque box and trying to find holes in it, without having access to the blueprint or design documents.
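The two paragraphs above describe the method; the Fuzzled entry earlier on this page is a framework for it. The added example below (written for this page; it is not Fuzzled code and not from the article) is the whole loop in miniature: a constructed binary parser with a planted bug that does not check an offset against the body length, a mutator that knows nothing about the format, a harness that treats the parser's own rejections as correct behaviour and anything else as a finding, and a minimiser that shrinks a crashing input to the smallest reproducer. Nothing about the target is consulted except whether it throws, which is what "black box" means.

```python
import random


class ParseError(Exception):
    """The deliberate rejection path: malformed input the parser noticed and refused."""


# Constructed target (not from Fuzzled or the article): a packet made of a magic byte, a count,
# a table of offsets into the body, and a length-prefixed field at each offset.
# The planted bug: an offset is never checked against the body length.
def parse_packet(blob: bytes) -> list:
    if len(blob) < 2 or blob[0] != 0x7E:
        raise ParseError("bad magic")
    count = blob[1]
    offsets = blob[2:2 + count]
    body = blob[2 + count:]
    fields = []
    for off in offsets:
        length = body[off]  # BUG: off may point past the body -> uncaught IndexError
        fields.append(body[off + 1:off + 1 + length])
    return fields


SEED = b"\x7e\x02\x00\x03" + b"\x02ab" + b"\x01c"  # two fields: 'ab' at offset 0, 'c' at offset 3


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Black-box mutation: flip, insert or delete a few bytes, with no knowledge of the format."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 1:
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif op == 2 and len(data) > 1:
            del data[rng.randrange(len(data))]
    return bytes(data)


def is_crash(target, case: bytes) -> bool:
    """A ParseError is the parser doing its job; any other exception is a finding."""
    try:
        target(case)
    except ParseError:
        return False
    except Exception:
        return True
    return False


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> list:
    """(exception name, input) for every crashing case; deterministic for a given rng_seed."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            continue
        except Exception as exc:
            crashes.append((type(exc).__name__, case))
    return crashes


def minimize(target, case: bytes) -> bytes:
    """Delete one byte at a time while the crash survives, restarting after each success,
    until no single deletion still crashes (one-byte delta debugging)."""
    changed = True
    while changed:
        changed = False
        for i in range(len(case)):
            smaller = case[:i] + case[i + 1:]
            if is_crash(target, smaller):
                case, changed = smaller, True
                break
    return case


if __name__ == "__main__":
    found = fuzz(parse_packet, SEED, 2000)
    print(f"{len(found)} crashing inputs")
    if found:
        print("minimal reproducer:", minimize(parse_packet, found[0][1]).hex())
```

The separation between ParseError and everything else is the part worth copying: a fuzzer that counts every exception finds nothing but the parser's own input validation, and one that counts none misses the bug. On the constructed target the minimiser always ends at three bytes (magic, a count of at least one, and one offset with an empty body), which is the shortest input that reaches the unchecked index.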
The current Internet security threat environment is characterized by an increase in data theft, data leakage and the creation of malicious code targeting specific organizations for information that can be used for financial gain. Attackers are now refining their methods and consolidating their assets to create global networks that support coordinated criminal activity.
Volume XI includes a new category: "Underground Economy Servers". These are used by criminals and criminal organizations to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and email address lists. To reduce facilitating identity theft, organizations should take steps to protect data stored on or transmitted over their computers. It is critical to develop and implement encryption to ensure that any sensitive data is protected from unauthorized access.
Volume XI also tracks top countries for malicious activity with geographical data on: bot-infected computers, bot command-and-control servers, phishing Web sites, malicious code reports, spam relay hosts, and Internet attacks. This activity is then linked to the top 25 countries based on Internet users, equating the proportion of malicious activity that could be attributed to a single (average) Internet user in that country.
An intrusion detection system can be an effective technical control in the modern world of information and network security. One option that provides for low cost NIDS sensor deployment is the use of the open source IDS software Snort in combination with a consumer grade LinkSys cable/DSL router and the open source firmware distribution OpenWrt. These three items together form a powerful yet inexpensive unit that delivers IDS, routing, firewall, wireless, and NAT functionality for use in a light-weight environment, i.e. consumer or small business deployments.
Commercial application for three-dimensional visualisation of network traffic.
Network Intelligence is a network traffic measurement and visualisation tool. In many situations the people who run today's networks really know very little about the traffic their network is being asked to carry and subsequently how to best design the network. Network Intelligence fills that void by providing answers to questions regarding who to peer with, as well as the ability to run what-if simulations with real traffic. A slick OpenGL 3D interface provides a unique visualisation experience compared to the largely text-based tools more commonly available today.
Example screenshot from the X-windows version of the software
The law, if passed as currently drafted, will apply to any kind of electronic communication and will oblige the provider to store, for one year, the data needed to identify the parties taking part in it.
Among the data that will have to be recorded:
Article 1. Purpose of the Law
(...)
2. This law applies to traffic and location data on natural and legal persons and to the related data necessary to identify the subscriber or registered user.
3. The content of electronic communications, including information consulted using an electronic communications network, is excluded from the scope of this law.
Article 2. Obliged parties
operators providing electronic communications services.
Article 3. Data to be retained
a) Data necessary to trace and identify the source of a communication:
(...)
2. With respect to Internet access, Internet e-mail and Internet telephony:
The user ID assigned
The user ID and telephone number assigned to any communication entering the public telephone network
The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was assigned at the time of the communication
b) Data necessary to identify the destination of a communication
(...)
2. With respect to Internet access, Internet e-mail and Internet telephony:
The user ID or telephone number of the intended recipient or recipients of an Internet telephony call.
The names and addresses of the subscribers or registered users and the user ID of the intended recipient of the communication
c) Data necessary to identify the date, time and duration of a communication:
(...)
2. With respect to Internet access, Internet e-mail and Internet telephony:
The date and time of the log-in and log-off of the Internet access service...
The date and time of the log-in of the Internet e-mail service or of the Internet telephony service...
d) Data necessary to identify the type of communication:
(...)
2. With respect to Internet access and Internet e-mail
The Internet service used
e) Data necessary to identify users' communication equipment
(...)
3. With respect to Internet access, Internet e-mail and Internet telephony:
The calling telephone number for dial-up access.
The digital subscriber line (DSL) or other end point identifying the originator of the communication.
Article 5. Data retention period
(...)
twelve months
(..)
Article 10. Regime applicable to non-compliance with the obligations set out in this Law.
Non-compliance with the obligations set out in this Law shall be sanctioned in accordance with Law 32/2003 of 3 November, without prejudice to any criminal liability that may arise from failure to comply with the obligation to hand over data to the authorised agents.
It is probably the first "firewall" specialised in USB ports for Windows machines. The application protects computers against the insertion of new devices into a USB port: the administrator receives a message every time an unauthorised device is connected to a computer's USB port, and at the same time its use is blocked.
With Secure it Easy you can control and monitor the use of all portable storage devices connected to your PC and just authorize specific devices (Trusted Devices) that you permit for the use on the protected PC.
You can authorize, for example, your personal digital camera, your iPod or a specific USB flash drive. This way you ensure that your data goes only where it should go. Any other device that is not a Trusted Device will simply not work on the PC, and therefore offers no chance to copy and leak data to it and, vice versa, no chance to run malicious programs from the portable storage device.
She hacked the Windows Vista kernel, she administered a Blue Pill to an operating system, and she pioneered rootkit detection research, but Joanna Rutkowska doesn't know how to drive a car.
(...)
"When Microsoft announced last year that the kernel would be protected from loading [unauthorized] code, I thought, 'hmmm, that's a nice challenge. I should play with this,'" Rutkowska recalls with a smile.
(...)
Rutkowska's first hack came after reading a famous article in Phrack magazine about a stack-smashing exploit, which she then compiled herself and tested. "I read the article, and said, 'no, this couldn't work. It's impossible,'" she recalls. "And it actually did work."
[Bruce Schneier] The Psychology of Security. An essay on the feeling of security: when it is achieved, what it brings, and how it differs from the reality of security.
Four fields of research--two very closely related--can help illuminate this issue. The first is behavioral economics, sometimes called behavioral finance. Behavioral economics looks at human biases--emotional, social, and cognitive--and how they affect economic decisions. The second is the psychology of decision-making, and more specifically bounded rationality, which examines how we make decisions. Neither is directly related to security, but both look at the concept of risk: behavioral economics more in relation to economic risk, and the psychology of decision-making more generally in terms of security risks. But both fields go a long way to explain the divergence between the feeling and the reality of security and, more importantly, where that divergence comes from.
There is also direct research into the psychology of risk. Psychologists have studied risk perception, trying to figure out when we exaggerate risks and when we downplay them.
A fourth relevant field of research is neuroscience. The psychology of security is intimately tied to how we think: both intellectually and emotionally. Over the millennia, our brains have developed complex mechanisms to deal with threats. Understanding how our brains work, and how they fail, is critical to understanding the feeling of security.
Verisign's president, interviewed by Mercè Molist for «El País»: «Open platforms always win». Verisign has been the main domain registry operator (it runs .com and .net) since it bought Network Solutions, and it was also one of the first companies to offer digital certification services.
Q. Managing .com and .net must have been a godsend for you. A. Ha, ha. We work hard too. In 2000 we resolved a billion queries a day. In 2006 it was 25 billion a day, and in 2010 it will be 100 billion. It is a very complex system and over the next few years we will make a major investment to upgrade it.
Q. The Domain Name System is old and has flaws. Is upgrading only your part enough? A. In 10 years our servers have never gone down. The problem is that there are others we do not control that run software with flaws.
(...)
Q. You preach that a mobile phone can be many things: a computer, a credit card, a train ticket. Are we talking about a new machine? A. Yes. The phone is the only device everyone can carry everywhere. It will replace the laptop once there are faster networks and bigger screens, like the iPhone.
(...)
Q. There are few viruses for mobile phones now, but in 1995 there were none on the Internet either. A. Exactly the same will happen. Wherever the money goes, the criminals go.
One of the most overlooked and underrated requirements of managing a good network is having a good incident response plan in place in case of a computer security breach. It's a fundamental human struggle to admit just how vulnerable our networks really are and what there is to lose. Once an incident occurs, the breached information is gone; it's forever deleted or residing on someone's mind or computer who shouldn't have it. And there's no way of getting it back.
This article, the first in a two-part series, takes a high level look at what we know now about those changes in Vista which seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features. Next time, part two will continue the discussion with a concentration on typical user activities such as web browser and e-mail usage.
A reliability fix for OpenBSD 3.9 and 4.0 was merged from current yesterday - Incorrect mbuf handling can crash the machine
m_dup1() copies the packet header and allocates the mbuf cluster in the wrong order. M_DUP_PKTHDR needs to be called with an empty mbuf. Allocating an mbuf cluster beforehand is not allowed as the resulting mbuf is no longer considered empty (part of the header is initialized). The correct order is to allocate an mbuf via MGETHDR(), copy the packet header and as last step allocate the cluster.
Something to bear in mind: the IPv6 stack will be a major source of security problems as IPv6 networks are deployed, since most of the code in IPv6 implementations has never been audited.
If this has happened in OpenBSD, imagine what will happen on the rest of the platforms!
This document describes a methodology for the law enforcement collection of volatile data. The collection of this data can be of substantial use in the investigation of various criminal activities. The current legal restriction of this type of investigation has yet to be determined. What can be controlled by law enforcement is the proper implementation of a process by which we collect this evidence consistent with prevailing legal authority and generally accepted practice. Volatile data is evidence that can -and should- be collected at crime scenes. With training in proper collection techniques and an understanding of its value, this evidence can be successfully collected.
Over the last year, we have seen an explosive growth of IRC bots. New variants are emerging at the rate of almost 1000 a month making IRC bots the most prevalent Win32 threat in the wild. Their modular design and open source nature has allowed them to thrive, outwitting many signature based antivirus products simply due to the vast numbers of variants being produced.
This paper will examine the core features of popular IRC bots and track their evolution from a single code base. This analysis will demonstrate how many of the common IRC bots such as Agobot, Randex, Spybot, and Phatbot actually share common source code. In addition, interesting techniques utilized by specific variants will also be presented.
Finally, the paper will discuss the reasons for the recent proliferation of IRC bots and the motivation behind distributing one, including revenue generation, spam relays, adware installation, DoS attacks, and distributed computing.
Step 2: Get Ruby. The package I used was a gift from a friend, you can find it here. Download this to your device and install it.
Step 3: Get Metasploit. I did this on a Linux box; the easiest way to do it is using svn. The command on Linux is: svn checkout http://metasploit.com/svn/framework3/trunk/ framework3 When the svn checkout is done, go into the Metasploit root directory and run the following command to strip the .svn directories: find . -name .svn -exec rm -fr {} \;
Step 4: Get Metasploit on the N800. This is up to you. I have an scp client on mine so I just copied it down. You can also write it to an SD card, put the SD card in the N800 and copy it off. I put mine in /home/user/Metasploit.
[Wired News] Seagate's Encrypted Hard Drives on Route. Seagate announces that a laptop manufacturer, ASI Computer, will start selling laptops that incorporate a hard drive which automatically encrypts the information stored on it.
The hard drives, to be available in laptops made by ASI Computer Technologies, will include a chip that makes it impossible for anyone to read data off the disk, or even boot up a PC, without some form of authentication.
ASI, which manufactures laptops under its own brand and builds systems for lesser-known PC makers, is expected to put the new technology in its machines within a few months. Other major PC makers are expected to introduce computers with Seagate's secure hard drives later this year.
(...)
The new technology is embedded directly in the hard drive - the computer's storehouse of data. It requires users to have a key, or password, before being able to access the disk drive or boot up the machine. Without the password, the hard drive would be useless, Seagate officials said.
We evaluate a new type of malicious software that gains qualitatively more control over a system. This new type of malware, which we call a virtual-machine based rootkit (VMBR), installs a virtual-machine monitor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by software running in the target system.
OpenSSH 4.6 has been released. The main change is the ability to define, per user, group, host and network, which authentication methods are accepted. Apart from that, it is a maintenance release.
* The following bugs have been fixed in this release:
- Clear SIGALRM when restarting due to SIGHUP. Prevents a stray signal from taking down sshd if a connection was pending at the time SIGHUP was received
- sftp returned a zero exit status when an upload failed due to write errors (bugzilla #1252)
- Fixed an inconsistent check for a terminal when displaying the scp progress meter (bugzilla #1265)
- Parsing of time values in Match blocks was incorrectly applied to the global configuration (bugzilla #1275)
- Allow multiple forwarding options to work when specified in a PermitOpen directive (bugzilla #1267)
- Interoperate with ssh.com versions that do not support binding remote port forwarding sessions to a hostname (bugzilla #1019)
* Portable OpenSSH bugs fixed:
- "hang on exit" when background processes are running at the time of exit on a ttyful/login session (bugzilla #52)
- Fix typos in the ssh-rand-helper(8) man page (bugzilla #1259)
- Check that some SIG records have been returned in getrrsetbyname (bugzilla #1281)
- Fix contrib/findssl for platforms that lack "which" (bugzilla #1237)
- Work around a bug in OpenSSL 0.9.8e that broke aes256-ctr, aes192-ctr and arcfour256 (bugzilla #1291)
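An added sshd_config fragment (not from the release notes) showing what the per-user/host control of authentication methods looks like in practice. The group name, user name and address pattern are assumptions for the example; the mechanism is the existing Match directive, which with this release accepts PasswordAuthentication and PubkeyAuthentication inside a Match block.

```text
# Global defa: keys only, no passwords anywhere, no root logins.
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

# Weak: turning passwords back on globally because one team needs them.
# PasswordAuthentication yes

# Scoped instead: operators connecting from the management network may use
# passwords; everyone else, from anywhere, stays key-only. A Match block
# stays in effect until the next Match or the end of the file, so keep these
# at the bottom, after every global option.
Match Group operators Address 10.10.*
    PasswordAuthentication yes

# A service account that must never fall back to a password, whatever the defaults.
Match User backup
    PasswordAuthentication no
    PubkeyAuthentication yes
```

Check the file with sshd -t before reloading, since a directive that is not allowed inside a Match block makes sshd refuse the whole configuration; and remember that options set globally after a Match line are silently absorbed into that block rather than applied globally, which is the ordering mistake the fixed bug (#1275) above hints at.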
Fear of the powerful computer user, "the Superuser," dominates debates about online conflict. This mythic figure is difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact, passing overbroad, ambiguous laws intended to ensnare the Superuser, but which are used instead against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated.
The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as lay-people to exaggerate the power of the Superuser, in part because they have misapplied Larry Lessig's ideas about code.
The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment. This Article urges policymakers and partisans to stop using tropes of fear; calls for better empirical work on the probability of online harm; and proposes an anti-Precautionary Principle, a presumption against new laws designed to stop the Superuser.
[Dark Reading] Vint Cerf: Father Knows Best. An interview with Vint Cerf in which he talks, among other topics, about security and the Internet.
He remembers the days when being called a "hacker" was an honor. "It used to be an honorific at MIT. But the abusive practices that have become so visible on the Internet have given a bad connotation here," Cerf says. "Purists wish that we could apply some other terms so as to keep 'hacker' what it once was, but I think the language has become too polluted."
(...)
Cerf says the biggest threats are the proliferation of spam, botnets, malware, and denial-of-service attacks. "Much work is needed to increase the security of the Internet and its connected computers," he says, "and to make the environment more reliable for everyone."
Cerf says the emerging Domain Name Security (DNSSEC) technology could help secure the Net's DNS servers, which have increasingly become targets. And more filtering of source IP addresses is needed. "And use of IPSec would foil some higher-level protocol attacks, and digital signing of IP address assignment records could reduce some routing/spoofing risks," he says. OSes need to be more airtight, too, and two-factor authentication should be more the norm than plain old passwords, he says.
But Cerf knows securing his baby won't be easy. "Security is a mesh of actions and features and mechanisms," he says. "No one thing makes you secure."
(...)
Hangout: "Used book stores."
After hours: "When I find time, I have my nose in a book."
Comfort food: "Haagen-Dazs."
Actor who would play Cerf in a movie: "Well, how about that guy in 'Matrix' who played 'the Architect?'"
Within these pages, you will find a compilation of links to material related to all aspects of Digital Forensics and Electronic Evidence.
This site was a 'side effect' of my research and learning process conducted in connection with my ongoing Computer Forensic Research, in my search to find timely material to share with the Computer Forensic community.
There is also a section with information specific to each system: Mac, Linux, Unix, Windows, handheld computers.
BackTrack is a Linux distribution, bootable directly from CD-ROM, born from the merger of two earlier distributions (Whax and Auditor) and specialised in penetration testing. Version 2.0 has just been released (you can download it by direct download or via BitTorrent).
The new features in this version are: it is based on Slax 6, has better support for wireless cards, integrates Metasploit, and updates several tools.
Laptops are increasingly replacing desktops in the public and private sectors, but security has lagged behind mobile technologies, experts say.
"The speed of security hasn’t kept up with the technology," personal security and identity theft expert Robert
(...)
The CSI/FBI Computer Crime and Security Survey reported that in 2006 stolen laptops and mobile hardware cost the roughly 600 participating companies and government agencies nearly $7 million
(...)
Disk encryption remains the most effective way to secure a laptop, but tracking software has gained momentum, said professor Robert Guess, who teaches information systems technology at Tidewater Community College in Virginia.
But relatively few companies have adopted it, he said.
The software is inexpensive, but the companies also charge monthly service fees, which start at about $10 per machine.
Good grief! I have never found a lost laptop... :(
[Security Watch] Hacking with smart phones. Is it possible to use a latest-generation mobile phone, with WiFi, as a platform for carrying out attacks?
The advantages of using a mobile device in an evil twin attack instead of a bulky laptop are many: mobile devices are easily camouflaged, portable, and can allow close proximity to the intended victim. Mobile devices are rapidly becoming transparent; everyone has one, so what's the big security concern?
(...)
By using Hostapd, Banzhof had many user-space 802.11 functions at his disposal, such as user authentication, encryption, initializing a network interface, beacon intervals to call out to susceptible laptops, and Extended Authorization Protocol (EAP) keys. It also gave him an interface into the ACX100 driver (which handles the 802.11 protocol) so he could handle the management, transmission, and reception of wireless data packets. But again, there were problems.
In the article I state that SnoopStick runs automatically as soon as it is plugged into the PC. The SnoopStick website now says that the installation program must be run manually. This has changed since the article was originally written.
In my article in Quands I state that it takes advantage of automatic program execution via AUTORUN.INF; this is not true... the technique used (or perhaps, that was used) is (or was) based on the techniques of USBDumper and USB HackSaw.
For years, we've been convinced by companies like Komoku and BBN Technologies that hardware-based RAM acquisition is the most reliable and secure way to sniff out the presence of a sophisticated rootkit on a compromised machine.
(...)
Rutkowska, an elite hacker who specializes in offensive rootkit research, has found several ways to manipulate the results given to hardware-based solutions (PCI cards or FireWire bus).
At this year's Black Hat DC conference, Rutkowska demonstrated three different attacks against AMD64 based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU.
DVL is a live CD available as a 150MB ISO. It's based on the popular mini-Linux distribution Damn Small Linux (DSL), not only for its minimal size, but also for the fact that DSL uses a 2.4 kernel, which makes it easier to offer vulnerable elements that might not work under the 2.6 kernel. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.
(...)
"The main idea behind DVL," says Schneider, "was to build up a training system that I could use for my university lectures." His goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.
[News.com] Your Wi-Fi can tell people a lot about you. The mere fact of booting the machine with the Wi-Fi network enabled causes a certain amount of information about our computer to be transmitted.
Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data.
There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for e-mail accounts and instant message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a "wall of sheep" always lists captured log-in credentials.
Errata has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more.
"You don't realize how much you're making public, so I wrote a tool that tells you," said Robert Graham, Errata's chief executive. The tool will soon be released publicly on the Black Hat Web site. Anyone with a wireless card will be able to run it, Graham said. Errata also plans to release the source code on its Web site.
The Errata sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it a "network sniffer on steroids."
This tool is designed to demonstrate the problem of "data seepage". The average machine broadcasts a lot of information about itself on open networks. This tool captures and organizes this information.
This code is extremely low quality, hacked together in order to demonstrate the problem at the BlackHat Federal 2007 conference. Higher quality code should be available around May 2007 on our website at http://www.erratasec.com.
To build this for Windows, you need the WinPcap developer kit. This code should compile on other platforms, such as Linux, Solaris, MacOS, and other platforms with libpcap.
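To make the "data seepage" idea concrete for the News.com piece and the Ferret README above, here is an added example (not Ferret's code, nor Errata's) that parses the two kinds of fields such a sniffer organises per host: the hostname and vendor class options of a DHCP request, and the question name of a DNS query. It then groups them by source MAC address, which is how a defender would audit what a machine on an open network reveals about itself. All packet bytes are constructed inline by the helper functions; the MAC address, hostname and domain names are hypothetical.

```python
"""Toy 'data seepage' inspector: extracts DHCP hostname / vendor class and DNS
query names from constructed packet payloads and groups them per source MAC.
Added example; not Ferret's code. Sample traffic below is constructed."""
import struct
from collections import defaultdict

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2132 magic cookie after the BOOTP header
OPT_HOSTNAME, OPT_VENDOR_CLASS, OPT_MSG_TYPE, OPT_END = 12, 60, 53, 255


def parse_dhcp_options(payload):
    """Return {tag: value} for the TLV options of a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return {}
    opts, pos = {}, 240
    while pos < len(payload):
        tag = payload[pos]
        if tag == OPT_END:
            break
        if tag == 0:                      # pad option has no length byte
            pos += 1
            continue
        length = payload[pos + 1]
        opts[tag] = payload[pos + 2:pos + 2 + length]
        pos += 2 + length
    return opts


def parse_dns_query(payload):
    """Return the first question name of a DNS query, or None for responses."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount == 0:    # QR bit set: an answer, not a query
        return None
    labels, pos = [], 12                  # questions start right after the 12-byte header
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:                 # compression pointer: not expected in a fresh query
            return None
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    return ".".join(labels)


def seepage_report(packets):
    """Group what each MAC reveals. packets: iterable of (src_mac, proto, payload)."""
    report = defaultdict(lambda: {"hostname": None, "vendor": None, "dns": []})
    for src_mac, proto, payload in packets:
        entry = report[src_mac]
        if proto == "dhcp":
            opts = parse_dhcp_options(payload)
            if OPT_HOSTNAME in opts:
                entry["hostname"] = opts[OPT_HOSTNAME].decode("ascii", errors="replace")
            if OPT_VENDOR_CLASS in opts:
                entry["vendor"] = opts[OPT_VENDOR_CLASS].decode("ascii", errors="replace")
        elif proto == "dns":
            name = parse_dns_query(payload)
            if name:
                entry["dns"].append(name)
    return dict(report)


# --- constructed sample traffic (hypothetical host, not a captured trace) ---

def build_dhcp_discover(mac, hostname, vendor_class):
    """Minimal DHCPDISCOVER: 236-byte BOOTP header, magic cookie, then options."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0xDEADBEEF, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)     # 28 bytes
    fixed += mac + b"\0" * 10 + b"\0" * 64 + b"\0" * 128                 # chaddr, sname, file
    opts = (bytes([OPT_MSG_TYPE, 1, 1])
            + bytes([OPT_HOSTNAME, len(hostname)]) + hostname
            + bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
            + bytes([OPT_END]))
    return fixed + DHCP_MAGIC + opts


def build_dns_query(name, response=False):
    """Standard A query for name (or the same message flagged as a response)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return header + qname + struct.pack("!HH", 1, 1)


MAC_A = "00:11:22:33:44:55"              # constructed address
SAMPLE_PACKETS = [
    (MAC_A, "dhcp", build_dhcp_discover(bytes.fromhex("001122334455"), b"alice-laptop", b"MSFT 5.0")),
    (MAC_A, "dns", build_dns_query("mail.example.com")),
    (MAC_A, "dns", build_dns_query("im.example.net")),
    (MAC_A, "dns", build_dns_query("mail.example.com", response=True)),  # answers are ignored
]

if __name__ == "__main__":
    for mac, info in seepage_report(SAMPLE_PACKETS).items():
        print(mac, info)
```

Running the block prints one line per MAC address with the hostname, the DHCP vendor class (which identifies the operating system family) and the list of names the host resolved; a real deployment would feed it UDP payloads pulled from libpcap instead of the constructed builders.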
Strategic opportunities for the implementation of remote electronic voting. Based on a comparative analysis of various experiences of implementing remote electronic voting in Spain, and on socio-political data assessing these votes, the different arguments put forward to justify its implementation are discussed.
Monograph on e-justice. This monograph presents several works on the introduction of information, communication and knowledge technologies (TICC) into the provision of the public justice service.
Recent e-justice initiatives in Spain. The introduction of ICT into the Administration of Justice can enable a justice system of quality that is, at the same time, open, transparent and close to the citizen.
This is a proof of concept page for port scanning arbitrary IP addresses from JavaScript. Given a range of IP addresses, the scanner will detect if there is a host running at that IP. It will then look for a web server running on port 80 and try to fingerprint what kind of web server it is. Only fingerprinting of Microsoft IIS and Apache are currently supported. If the scanner cannot fingerprint the server will report it as "Unknown webserver." This page will not automatically scan your network, will not attack any hosts it discovers, and will not report any information about your network back to SPI Dynamics.
SecurityDistro is a portal devoted to Linux distributions specialised in computer security. Many of these distributions are bootable directly from CD.
There is also a section of video tutorials that show visually how to carry out various tasks. For example, this video shows how to break the encryption of a WiFi network.
[ComputerWorld] Five mistakes of data encryption. A very good article that explains, excellently and as one can rarely find, what the weak points are in any implementation of cryptography and data encryption.
If you follow the media today, you might conclude that data encryption is everywhere. However, is this "good" encryption? A classic saying "Encryption is easy; key management is hard" illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide.
(...)
The first mistake is not using encryption when it is easy and accepted
(...)
The second mistake has been mentioned by most cryptographers out there: inventing your own cryptographic algorithm
(...)
the third mistake: "hard-coding" secrets. As we know, security of a quality cryptographic algorithm does not depend on its secrecy, but on its key or password
(...)
the fourth mistake is manifested in the form of storing keys with data
(...)
Finally, the fifth mistake turns encryption against the very entity that is supposed to benefit from it (that is, your organization).
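The third mistake, "hard-coding" secrets, is the one most easily caught by tooling before a release ships. As an added example (not from the ComputerWorld article), the following scanner flags two tell-tale patterns in source or configuration text: an assignment whose variable name ends in a secret-like word and whose value is a quoted literal, and any unnamed quoted literal whose Shannon entropy looks like key material rather than a hostname or a word. The sample module it scans is constructed; the name patterns and the 3.5 bits-per-character threshold are illustrative choices, not a standard.

```python
"""Flag hard-coded secrets (the article's third mistake) in source or config text.
Added example, not from the article; sample input is constructed and the
regexes / entropy threshold are illustrative choices."""
import math
import re

# Assignment whose name ends in a secret-like word and whose value is a quoted literal.
SECRET_ASSIGN = re.compile(
    r"""(?ix)
    \b[a-z0-9_]*(?:key|secret|passw(?:or)?d|token)\s*[:=]\s*
    ["']([^"']{8,})["']
    """)
# Any quoted run that looks like hex or base64 material; judged by entropy below.
OPAQUE_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=]{16,})["']""")


def shannon_entropy(s):
    """Bits per character; random key material scores well above prose or hostnames."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text, entropy_threshold=3.5):
    """Return [(line_no, reason, literal)] for suspected embedded secrets."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = SECRET_ASSIGN.search(line)
        if m:
            findings.append((line_no, "secret-named literal", m.group(1)))
            continue
        for m in OPAQUE_LITERAL.finditer(line):
            literal = m.group(1)
            if shannon_entropy(literal) >= entropy_threshold:
                findings.append((line_no, "high-entropy literal", literal))
    return findings


# Constructed sample module: line 3 bakes a key into the code (the mistake),
# line 4 reads the secret at runtime (acceptable), line 5 is an ordinary literal,
# line 6 is an unnamed blob that only the entropy check catches.
SAMPLE_SOURCE = """\
# constructed sample module, not real code from any project
import os
AES_KEY = "0f1e2d3c4b5a69788796a5b4c3d2e1f0"
DB_PASSWORD = os.environ["DB_PASSWORD"]
HOST = "db.internal.example"
BLOB = "c2VjcmV0LWtleS1tYXRlcmlhbC1oZXJl"
"""

if __name__ == "__main__":
    for line_no, reason, literal in scan_source(SAMPLE_SOURCE):
        print(f"line {line_no}: {reason}: {literal[:12]}...")
```

The entropy check is what makes the scanner useful beyond obvious variable names: a key pasted into an innocuously named constant still stands out, while the `os.environ` lookup on line 4 (the pattern the article recommends, keeping the key out of the code and away from the data) produces no finding.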