Irregular Expressions


March 29, 2011  11:49 PM

The 2011 Security Story



Posted by: Dan O'Connor
botnet, cell phone, cell phone botnet, sms command and control

Well, maybe not the 2011 story, but I am pretty sure the next big thing will be mobile devices such as phones and tablets. There are lots of users who will cross personal devices with business devices; would you allow a laptop or PC into your environment like that?

The other question is what you would do with an army of cell phones at your command?

Spam? I doubt that.

What is everyone doing now, or trying to push now with mobile devices that you would want to get behind?

Mobile banking, I think, provides a real bang for your buck if you are going to take over thousands of cell phones, using SMS command and control or even Twitter or other web sites to send your commands out. You could also use those channels to push back the information you are gathering.

March 29, 2011  10:50 PM

What happens when the Certificate Authority system fails



Posted by: Dan O'Connor
CA, certificate authority failure, chrome, firefox, mozilla, ssl

Bad things.

That’s what.

The story is that someone stole digital certificates for some big sites on March 15th using a username and password they obtained; the sites included Hotmail, Gmail, Yahoo and Skype. On a scale of one to ten of a site's security issues this is more like an eleven. The certificate is what proves you are you; if a clone of one of these sites was set up with the stolen certificate you could not prove it was a clone. Now there is a system to deal with this in the CA system, something called a certificate revocation list, which is what it sounds like: a list of certs that have been revoked. But you need to keep it up to date, and even then you still need your browser to actually tell you when you are at a site that has a revoked certificate.

Chrome had its update out in a couple of days, but Firefox and IE took seven and eight days. The vendors involved were worried about responsible disclosure; really the only person that benefited from the delay was the one who had the certs in their hands.
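The revocation check described above, as an added example (not code from this blog): it builds a throwaway CA, a certificate it issued and a CRL listing that certificate, then shows the three things a client has to do before trusting a cert: verify the CRL is really signed by the CA, refuse a CRL that is out of date, and only then look for the serial. The CA name, host name and serial numbers are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// checkRevocation is the check a client must do before trusting a certificate:
// confirm the CRL came from the CA, refuse a CRL whose nextUpdate has passed
// (a stale list proves nothing), then look for the leaf's serial number.
func checkRevocation(ca, leaf *x509.Certificate, crlDER []byte, now time.Time) string {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(ca) != nil {
		return "crl-untrusted"
	}
	if now.After(crl.NextUpdate) {
		return "crl-stale"
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return "revoked"
		}
	}
	return "good"
}

// buildFixture makes, in memory, a constructed CA, a leaf cert it issued and a
// CRL (valid 12 hours) that revokes that leaf; errors are ignored for brevity.
func buildFixture(now time.Time) (ca, leaf *x509.Certificate, crlDER []byte) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Constructed Root CA"}, NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	ca, _ = x509.ParseCertificate(caDER) // parsed copy carries the generated SubjectKeyId
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242), NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(24 * time.Hour), Subject: pkix.Name{CommonName: "mail.example.test"}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	crlTmpl := &x509.RevocationList{Number: big.NewInt(7), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}}
	crlDER, _ = x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey)
	return ca, leaf, crlDER
}
```

Checking the same CRL eight days later returns "crl-stale" rather than "good", which is the point of keeping the list current; a CRL with a tampered signature returns "crl-untrusted".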


March 29, 2011  9:50 PM

Blind SQL Injection on mysql.com



Posted by: Dan O'Connor
blind sql injection, mysql hack, SQL injection

Weekend break-in at mysql.com; there is a posting on the Full Disclosure mailing list here:

http://seclists.org/fulldisclosure/2011/Mar/309

The posting includes the structure of the DB as well as usernames and password hashes. I don't see any postings from mysql.com acknowledging the breach.

Although the possible direct damage from this may have been defacement or maybe a malware ad, as in most places, and from what happened with HBGary, I bet there is password reuse going on. This could have led to a more serious breach if there was access. I would think from how this was done that the hacker could not get any farther in from that system; I can't see them getting the database and just stopping.


March 29, 2011  9:34 PM

Australian Ministers Email Compromised



Posted by: Dan O'Connor
Australian email hack, email hack, secureid

The information is a little vague as there is an active operation in regard to it. But what is known is that at least 10 ministers have had their email accounts compromised, for more than a month. During this time several thousand emails may have been accessed on a non-secure-level network.

The government was notified by a US intelligence agency, and it appears the target was information regarding the mining industry. Information also released mentions that passwords some of the ministers used could have been brute forced in less than ten seconds.

I wonder what security measures are in place on the more secure network, whether they are using two-factor authentication and more complex passwords. I am also wondering if they are using the RSA SecurID tokens that just happen to be having a problem.


March 28, 2011  1:03 PM

Facebook wow



Posted by: Dan O'Connor
links

When I see an article about a Facebook page being vandalized I always need to read it.

This time I wish I had not; what a jerk!

http://www.brisbanetimes.com.au/technology/technology-news/facebook-vandal-jailed-20110325-1c9mq.html

It’s good to see him going to jail for it at least.


March 28, 2011  12:57 PM

A little more RSA breach info



Posted by: Dan O'Connor
links

It's just a little more; there is still nothing published that I can find about what was taken, but this has some more background information and interesting commentary.

http://blogs.bankinfosecurity.asia/posts.php?postID=915


March 27, 2011  12:15 AM

Routing changes



Posted by: Dan O'Connor
china, links, routing

Not that changes in routes don't happen frequently, but when routes bounce between continents you would like to think that might raise a flag with someone who is monitoring that.

http://news.cnet.com/8301-27080_3-20046338-245.html

Either Chinanet has the worst Cisco/networking guy ever or there is something really bad going on there. To have a domestic route going to at least two other networks is either really good luck or something that was really planned out.


March 26, 2011  11:47 PM

Very cool command and control



Posted by: Dan O'Connor
botnet, command and control, links

I do find the command and control structures of botnets very interesting; the creativity of them is incredible.

http://www.bbc.co.uk/news/technology-12859591

This is one I have not seen before, using custom encryption and message board comments as a means of communication. Depending on the message board, I don't know if this is a great way of distributing commands to the bot members. If the message got deleted you could have something go wrong, such as an update. They do get good marks for the custom encryption; I don't know if I would have selected that command and control structure.


March 26, 2011  11:14 PM

3FN Shutdown



Posted by: Dan O'Connor
3fn, crime, links

You could call it a shutdown or you can call it progress.

http://www.bbc.co.uk/news/10136253

You can't say that there are not groups working to stop this kind of thing, but you can say they don't move very fast. Not that it's not a good thing; it's just that these groups move so quickly, changing names and locations, that traditional law enforcement tactics don't seem to work. It would be nice if there could be a faster response between law enforcement and internet service providers, especially with cases of illegal images and other serious crime, not to say that the rest is not harmful.

Although I admit it opens a huge issue with abuse; I don't like the chance that it could be misused for a purpose other than its original intent.


March 9, 2011  12:53 AM

Neat trick of the day



Posted by: Dan O'Connor
hiberfil.sys 2008, hiberfil.sys server 2008, hibernation windows server, powercfg.exe, powercfg.exe -h off

So, looking to make room on the C: volume of a server, I noticed hiberfil.sys taking up 6 GB of space.

While it’s nice for laptops and desktops to go in to hibernate mode, servers not so much.

Going through the GUI options did not turn much up, but after looking at some command line stuff I found:

powercfg.exe -h off

Just like that it's gone, no reboot required!

