Author Archives: agent0x0

The Honey Stick Project: Tracking Mobile Storage Devices

Filed under Security Awareness

Here is a pretty cool project that I stumbled upon over at Security Catalyst. The concept is to have a “Honey Pot for mobile storage devices,” but each mobile storage device (USB key, iPod, etc.) in reality becomes its own “Honey Stick,” where the researcher can safely track how many people are plugging these devices into their computers. The hope is that by leaving these devices around in public areas, someone will pick them up... and plug them in. There is even a psychological aspect to this because the researcher, Scott Wright, is actually finding people that want to return these found devices to the owner!

While there may be some privacy concerns about conducting this type of public experiment... Scott seems to have done his homework on this project thus far. I am looking forward to reading more about his results as the experiment continues. He has results for his first “stream” here. Check out the Honey Stick Project web site for full details and information.

Hannaford Brothers Credit Card Breach

Filed under Identity Theft

Another day…another credit card breach!

This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one…

“The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization,” said Hannaford CEO Ron Hodge, in a statement posted to the company’s Web site.

The key phrase being “transmission of card authorization”. Sniffed? Bad Wifi security? Only time will tell…much speculation at this point. However, Securosis.com has some good speculation about what might have happened.

GNUCITIZEN on PaulDotCom

Filed under Penetration Testing

Larry and Paul from the PaulDotCom Security Weekly Podcast have a very good two-part series interviewing pdp and Adrian from GNUCITIZEN. Lots of good information about embedded device hacking and all the cool things GNUCITIZEN is working on. Check out the MP3s of the Podcast below... better yet... subscribe to the PaulDotCom Security Weekly Podcast! These guys always have good content and are interesting to listen to as well.

Interview with GNUCITIZEN – Part 1
Interview with GNUCITIZEN – Part 2

Pointsec Disk Encryption Cracked? Not so fast…

Filed under Cryptography

The SANS ISC posted an article titled “Pointsec Disk Encryption Cracked”. Really? Cracked? I was thinking that there was some new cool uber l337 hax0r tool that breaks disk encryption from boot... and no, this isn’t the cold boot attack that has gotten all the attention lately. This is the firewire attack (winlockpwn tool) on Windows that has been known since security researcher Adam Boileau discovered this “feature” back in 2006 (it’s just that the code hasn’t been released until recently). Adam sums up the firewire “feature” best on his web site:

“Yes, you can read and write main memory over firewire on Windows.
Yes, this means you can completely own any box whose firewire port you can plug into in seconds.
Yes, it requires physical access. People with physical access win in lots of ways. Sure, this is fast and easy, but it’s just one of many.
Yes, it’s a FEATURE, not a bug. It’s the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 spec knows this. People with firewire ports generally don’t.”

This LuciData “hack” doesn’t crack disk encryption at all. If the laptop was powered off... that’s a different story. Like Adam says... if you have physical access to a live computer there are lots of attacks you could do, not just the firewire one. Before we announce that the sky is falling... let’s get the real details first please. If you are using any disk encryption (not just Pointsec) you should be using pre-boot authentication anyway, as this is what most vendors recommend as a best practice for a corporate deployment.

Chinese Hackers or Script Kiddies?

Filed under Hacking

Interesting article on CNN today about a covert group of Chinese “hackers” who apparently have broken into the Pentagon and other high profile sites. Actually, they “know” someone who broke into the Pentagon, they didn’t actually do it themselves.

This isn’t breaking news by any means. There are hackers all over the world trying to do the same things that they are, and they are not necessarily in China. I would bet that this group is nothing more than a bunch of script kiddies just looking for the attention of the US media. Sure, there are vulnerabilities in many, many web sites... some of them even high profile. However, I have my doubts that these guys have serious “skills” given the fact that they have a web site with over 10,000 registered users that distributes hacking software. The site “offers tools, articles, news and flash tutorials about hacking”. Anyone can run a tool or copy a script... what makes these guys so different? How can you really prove that the Chinese government even paid these guys to hack into the Pentagon?

Never fear…this is just media hype over US/Chinese relations and the potential “cyber war”. I am sure this won’t be the last either from these big media organizations.

Online Google Hacking, Ethical Penetration Testing Tool

Filed under Penetration Testing

GNUCITIZEN has released a tool called GHDB, similar to the fat-client Goolag Scanner that the cDc released a few weeks ago. What makes the GHDB different is that it is browser-based and uses JavaScript techniques to scrape information from Johnny Long’s Google Hacking Database without the need for hosted server-side scripts. Add this to your growing list of reconnaissance tools for penetration testing!

Cold Boot Attack Tool Released

Filed under Cryptography

Well, that didn’t take long... a tool to dump the memory and pull the encryption keys off of encrypted hard drives has been released. Like I said in a previous post, it was only a matter of time, and the risk/threat vector of this vulnerability starts to change with the release of a tool.

On a related note, there was a good blog post over on Princess of Antiquity about some potential engineering solutions to this vulnerability, as well as some potential mitigations that are being discussed, which you may be interested in reading. I actually like her quote at the end of her post:

“What we should remember is that no matter how strong your lock is, if you leave the key lying around, you might as well leave the door wide open.”

How true! :)

Penetration Testing Ninjitsu with Ed Skoudis

Filed under Penetration Testing

I recently saw a good webcast presented by Core Security Technologies on “Penetration Testing Ninjitsu”. This was presented by Ed Skoudis, who is a very good SANS instructor and is also the author of the book “Counter Hack Reloaded” (I highly recommend all penetration testers read this book). Some of you may have taken his SANS Security 504 class (Hacker Techniques, Exploits, and Incident Handling) and have worked through the hacker challenges that he posts on ethicalhacker.net.

The webcast talks about the motivations for performing penetration testing to improve the security stance of an enterprise and covers some in-depth Windows command-line tips that can help penetration testers use Windows machines more effectively during a penetration test.

You can download the slide deck from Core Security Technologies here.

Cold Boot Attacks on Encryption Keys - What’s the risk?

Filed under Cryptography

I am sure everyone has heard about and watched the YouTube video of the Princeton researchers that conduct cold boot attacks on encrypted hard disks. If you haven’t, I highly suggest you do. As everyone agrees... this is a very significant vulnerability and every organization that uses software to encrypt hard disks should look at ways to mitigate this new risk.

There are a ton of articles already about this new threat so I won’t bore you with the details... however, I have found one posted by Rich over at Securosis.com that sums up the entire issue and what risk this might have for your organization.

One thing I would like to highlight in his article is that you should contact the vendor of the hard disk encryption product you use to see if they plan to address this new vulnerability. It will only be a matter of time until the first tool is out there in the wild and actively exploited on stolen laptops.

802.11 Attacks Whitepaper

Filed under Wireless Security

Foundstone always puts together great research and releases great tools.

The other day Foundstone released a whitepaper describing all of the new and old 802.11 (Wireless) attacks. The paper gives some really good information about AP Impersonation, Rogue Access Points, and Implementation Attacks (WEP, Dynamic WEP, WPA/WPA-2 cracking, including the Caffe Latte attack). The paper even goes into wireless client adapters and wireless DoS attacks.

If you conduct wireless penetration tests or want to know more about wireless security, I highly recommend you read this paper. You can download the 802.11 Attacks whitepaper directly from Foundstone.
