So there is a few types of hashes you may come across, on most Unix type systems you could have a MD5 hash password file. But not just a MD5 hash, these will include a salt to make the hash unique.
Now other systems will use hashes, say like a web application. Now you could do these with a salt but many web developers ether don’t know this or assume that is already there, you can pick. With out the salt a string will always hash to the same result on every system, this is a problem. You could use something like a rainbow table, where you have a pre-hashed password list so you can quickly look up the password.
Not as exciting as I hoped, pretty standard stuff.
Bad Passwords / Hashing
Here is some information regarding ties HBGary had to Stuxnet,
But the best part is, HBGary had access to the worm it self and you can get it here.
I have not had a chance to review it yet, but I am hoping to get in to it this weekend.
If you have not been following the fun with HBGary and Anonymous you are missing a real show.
Some of the strategies suggested with what is suspected to be Bank of America are a little off, suggesting to break laws not to mention the moral implications of a corporation trying to bully a citizen.
I thought the social media stuff was interesting, it’s the same thing I have used before in tracking down bot herders. Although sending around pictures of someones children significantly raises the creep factor on the whole thing, I don’t see how that is relevant even to a spear fishing campaign.
Also you can grab the db dump of the accounts from rootkit.com (you will see how that is connected) if you want to have some fun cracking passwords. I will write a brief how to in a couple days to get you started.
This looks like loads of fun,
Of course you could use it for more bad then good.
This is an issue I have with casual and even malicious malware, in the majority of cases the goal of this software is to steal money or identities. But when this software gets onto a network that does something that lives depend on, it’s a pretty big deal.
If someone got injured or killed I would hope that if they could find who created the malware and that they would be charged with man slaughter. When this software is created I don’t think that the authors are actually thinking that someone could be seriously hurt by it, but saying that they know what they are doing is wrong in the first place. Also I know that an author of malware will say that its not their fault, and that the administrators of the network should do a better job defending the network. That is just like breaking into houses and saying its not your fault they should have an alarm and better door lock, OR you could not break in to the home in the first place.
Now with Snort installed we need to do configuration and get some rules.
Make sure to setup your HOME_NET and configure any additional paths for your rule sets.
Go to snort.org and create an account, then get an oinkcode. Now you can use the command like to download your rules. I would do this from /usr/local/etc/snort.
fetch http://www.snort.org/reg-rules/snortrules-snapshot-<version>.tar.gz/<oink code here>
tar -xvf snortrules-snapshot-<version>.tar.gz-gooble-gook
Now you need to enable snort in /etc/rc.conf and set the interface in there also.
Snort will start now, next task is to configure your logging. I will be using syslog on mine to forward to a SIM, but that will also log to the local machine.
I can’t say that this is shocking, I always though it would be a smaller number then 200.
There is always that small group of people that know what they are doing and are the ring leaders. I would suspect that this information will be used to change how P2P file sharing is dealt with, it would be more effective to go after the 200 up-loaders then the 1000’s of down-loaders.
Really it makes no sense why you would not do that in the first place, maybe they did not even look?
Wow I did not think this would happen, the State of California is going after someone in New Jersey. It looks like that will be challenged, also Sony is going to get his machines handed over to them, I find that a little much. I am not choosing sides here but having the State order someone to hand over property to a commercial entity, I can’t think of another case like this involving copy right.
I have already covered Suricata in my previous posts, but sometimes you just need to have snort setup for various reasons.
First go get freebsd http://www.freebsd.org/ , then use the FreeBSD handbook (if you need to) and create a basic installation. I like to do a user install, but minimal will also work (but you get no man pages, so if you need that go with a user install ).
Next you will need Snort, you can use your OS’s package manager, I am going to use the FreeBSD ports system.
cd /usr/ports/security/snort make install clean
Now just sit back and wait it out.