Irregular Expressions


November 23, 2011  4:31 PM

Kevin Bacon was wrong all along



Posted by: Dan O'Connor

Well, Frigyes Karinthy.

http://www.bbc.co.uk/news/technology-15844230

I have been working on a similar idea, but I was thinking more of personal contact: how it would travel between sites, say if someone sneezed on you in LA, then you flew to Vancouver and sneezed on a few more people, etc.

November 21, 2011  4:52 PM

I love free learning



Posted by: Dan O'Connor

Enjoy

http://www.crypto-class.org/


November 21, 2011  4:45 PM

Manning case date



Posted by: Dan O'Connor
bradley manning, wikileaks

I just saw this come up.

http://www.bbc.co.uk/news/world-us-canada-15829284

I am not sure if he has any chance of getting out of this.


November 21, 2011  4:36 PM

The dangerous world of interconnected devices



Posted by: Dan O'Connor

It might be worth looking at devices in the sense of: do we need to connect this to the Internet or not?

Just throwing a device on the LAN does not cut it.  Why do you need to have this connected to the workstation LAN and the Internet?

Build separate infrastructures, or at least VLAN it off into its own network, and control and monitor your access points.  Block useless outbound services: why do people need to have web access from the server VLAN?  Does your SCADA system really need to be accessible from the Internet, or to have access to it?

The point is not to “win” but to educate the stakeholders so they can make an informed decision.

http://pastebin.com/Wx90LLum


November 21, 2011  4:20 PM

Well that’s interesting, and I am not clicking on those.



Posted by: Dan O'Connor
anon, anti-sec

Anti-Sec strikes again.

http://thepiratebay.org/torrent/6827936

Anon has hit a big fish.

Just remember that Tor is good, but there have been proven attacks from time to time that break its security.


November 21, 2011  12:55 AM

Windows 8 Bootkit to be released



Posted by: Dan O'Connor
windows 7 bootkit, windows 8 bootkit, windows bootkit

If you check out http://malcon.org/ there is a speaker lined up to release a Windows 8 bootkit.

You can see his other releases here http://www.stoned-vienna.com/ .

I would have to admit that trying to protect software is not on my list of dream jobs; it’s not easy to do.  I would even call it difficult, as you can tell by all of the pirated software you can download.


November 19, 2011  12:03 AM

Industrial data theft



Posted by: Dan O'Connor

I am not sure if this is getting worse, or if it is just being detected more.

http://www.washingtonpost.com/world/europe/security-watchdog-norwegian-energy-defense-industries-hit-by-extensive-data-theft-attack/2011/11/17/gIQAzbMKUN_story.html

This has to be both; I know this will keep happening.  I also like to think that the people defending these systems are getting better at it.  That second part might be wishful.

The whole system needs to move from reaction to prevention; we are off to a good start but there is work to do.


November 18, 2011  11:48 PM

Web Vulnerability Assessments



Posted by: Dan O'Connor

http://www.acunetix.com/vulnerability-scanner/vulnerabilityscanner8.exe

I have used this tool a few times and I really liked it.  Comparing it to some of the others I have used, it’s got a good interface just like the big boys, but not the big price tag.

It can be used even by people who know little about web VAs; it will hold your hand through the process.


November 18, 2011  11:42 PM

TCP Session Hijacking



Posted by: Dan O'Connor
initial sequence number, session hijacking, tcp, tcp session hijacking, transmission control protocol

Part of taking over a TCP session is knowing how it works; that’s why I was previously talking about the TCP handshake.

To take over a session there are a few general steps that need to be done.

1. You need to know the ISN; there are a few ways to do this.

  • Sit in between the conversation, using some sort of sniffer to watch the traffic and learn the ISN.
  • Guess it; that is not as easy as it was before RFC 1948.
  • Use source routing, but that should be disabled.

2. Once you know the ISN one way or the other, you then need to take the session over.  As the session is being taken over, the client that is being replaced needs to be knocked off the network.  Typically this is done with some sort of DoS.

In most cases this is used to gain access to a target system; back in the days of telnet, you could take over the session and then throw the needed commands to set up a shell to the machine.

This type of attack is still useful for other things: HTTP sessions and other non-encrypted traffic.
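Why the "guess" option stopped being easy after RFC 1948, as an added example that is not part of the original post: a single global ISN counter gives every connection a fixed offset from the previous one, while the RFC 1948 scheme (ISN = M + F(4-tuple, secret)) makes the offset between two connections depend on a secret. The class names, the 64000 step and the use of HMAC-SHA-256 as F are assumptions of this sketch; the RFC itself suggests MD5 over the connection identifiers and secret data.

```python
import hashlib
import hmac
import socket
import struct

MOD = 2**32  # TCP sequence numbers live in a 32-bit space


class LegacyISN:
    """Pre-RFC 1948 style: one global counter shared by every connection.
    The step of 64000 per connection is a constructed stand-in."""

    def __init__(self, start=0):
        self.counter = start

    def next_isn(self, four_tuple, now_us):
        self.counter = (self.counter + 64000) % MOD
        return self.counter


class Rfc1948ISN:
    """ISN = M + F(localhost, localport, remotehost, remoteport, secret)."""

    def __init__(self, secret):
        self.secret = secret

    def next_isn(self, four_tuple, now_us):
        lip, lport, rip, rport = four_tuple
        msg = (socket.inet_aton(lip) + struct.pack("!H", lport) +
               socket.inet_aton(rip) + struct.pack("!H", rport))
        # F: keyed hash of the connection identifiers (HMAC-SHA-256 here, an assumption)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        f = int.from_bytes(digest[:4], "big")
        m = (now_us // 4) % MOD  # M: timer that ticks every 4 microseconds
        return (m + f) % MOD


def offset_between(gen, tuple_a, tuple_b, now_us):
    """ISN handed to tuple_b minus the ISN just handed to tuple_a (mod 2^32)."""
    first = gen.next_isn(tuple_a, now_us)
    return (gen.next_isn(tuple_b, now_us) - first) % MOD
```

With `LegacyISN` the offset is the same constant for any pair of connections; with `Rfc1948ISN` it changes with the secret, while ISNs for one 4-tuple still advance with the clock.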


November 18, 2011  10:03 PM

TCP Threeway Handshake



Posted by: Dan O'Connor
initial sequence number, tcp, tcp isn, tcp three way handshake, transmission control protocol

I have been doing some research for a project and I wanted to share some things.  During the three-way handshake each host sets its own ISN.

  • Host 1 sends a SYN packet to Host 2 with A as the ISN (Initial Sequence Number); this number should be non-predictable.
  • Host 2 responds back with a SYN-ACK with an ACK number of A + 1 and an ISN of B.
  • Host 1 responds back with an ACK with the ACK number set to B + 1 and an ISN of A + 2.

If you add a -S to tcpdump you will see the absolute sequence numbers instead of relative ones.
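A checker for the acknowledgment arithmetic above, run over `tcpdump -n -S` style output, as an added example that is not part of the original post. The capture lines are constructed (the second flow carries a deliberately wrong final ACK), and the function name is hypothetical.

```python
import re

# Constructed tcpdump -n -S lines (absolute sequence numbers); not a real capture.
SAMPLE = """\
12:00:00.000001 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [S], seq 4294967295, win 64240, length 0
12:00:00.000210 IP 10.0.0.9.80 > 10.0.0.5.51000: Flags [S.], seq 1000, ack 0, win 65160, length 0
12:00:00.000305 IP 10.0.0.5.51000 > 10.0.0.9.80: Flags [.], ack 1001, win 502, length 0
12:00:01.000001 IP 10.0.0.7.40000 > 10.0.0.9.22: Flags [S], seq 500, win 64240, length 0
12:00:01.000200 IP 10.0.0.9.22 > 10.0.0.7.40000: Flags [S.], seq 9000, ack 501, win 65160, length 0
12:00:01.000300 IP 10.0.0.7.40000 > 10.0.0.9.22: Flags [.], ack 9000, win 502, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+))?(?:, ack (?P<ack>\d+))?")


def check_handshakes(text):
    """Return {(client, server): verdict} for each handshake seen in the text."""
    state, verdict = {}, {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        seq = int(m["seq"]) if m["seq"] else None
        ack = int(m["ack"]) if m["ack"] else None
        if flags == "S":  # step 1: client announces ISN A
            state[(src, dst)] = {"A": seq}
            verdict[(src, dst)] = "incomplete"
        elif flags == "S." and (dst, src) in state:  # step 2: ack A + 1, ISN B
            s = state[(dst, src)]
            if ack == (s["A"] + 1) % 2**32:  # sequence space wraps at 2^32
                s["B"] = seq
            else:
                verdict[(dst, src)] = "bad SYN-ACK"
        elif flags == "." and (src, dst) in state:  # step 3: ack B + 1
            s = state[(src, dst)]
            if "B" in s and verdict[(src, dst)] == "incomplete":
                ok = ack == (s["B"] + 1) % 2**32
                verdict[(src, dst)] = "ok" if ok else "bad final ACK"
    return verdict
```

The first constructed flow uses A = 4294967295 so the SYN-ACK's acknowledgment wraps to 0, which the modulo handles.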

