Irregular Expressions


November 28, 2010  7:36 PM

HTTPS Everywhere!



Posted by: Dan O'Connor
hotmail, https, links

Well it’s not babies everywhere ( http://www.youtube.com/watch?v=Y6rE0EakhG8 ) but I think this is even better!

https://www.eff.org/https-everywhere

This is a great add-on for getting HTTPS on sites that support it but won't give it to you by default. (I have seen some that want to charge you to put that "s" in there for you. Bad, bad, bad.)

Now you can have your cake and eat it too!

This will be useful for the new Hotmail privacy settings that won't let a basic account have HTTPS by default.

Enjoy.

November 27, 2010  1:31 AM

More Stuxnet news



Posted by: Dan O'Connor
links

I still have an intense interest in Stuxnet.

Here is a little more information about the worm, more of what it was targeting, and information about the current work being done on it.

http://www.symantec.com/connect/blogs/stuxnet-breakthrough


November 27, 2010  12:38 AM

New ATM skimming in EU



Posted by: Dan O'Connor
atm, malware, mp3

This is some pretty creative stuff with an MP3 player, although the link is kinda vague on any details about anything, really.

http://www.computerworld.com/s/article/9197138/European_banks_see_new_ATM_skimming_attacks

The shimming attack also mentioned sounds very neat, but again there is a lack of details.


November 19, 2010  3:00 PM

Bruce Schneier on Cyber War



Posted by: Dan O'Connor
cyberwar, talks

http://www.iiea.com/events/bruce-schneier-chief-security-technology-officer-bt-the-future-of-the-it-security-industry

I find his opinions on things very interesting; he has a habit of approaching things totally differently than a lot of other security guys and limits the sky-is-falling talk.

The link is a good 25 minute talk, worth listening to, or watching.


November 18, 2010  9:31 PM

Tips for cleaning out your gmail account after a compromise



Posted by: Dan O'Connor
gmail, gmail recovery, hack

The key to successfully recovering after any incident is having a plan. This is why you need to understand good incident handling procedures and practice them!

It's always best to have these steps written down, so here they are for your Gmail account.

http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

This is also a good reminder to ensure your account recovery settings are up to date, and make sure to include an SMS number.

Unfortunately, if you are not in your account when something like this happens, you are already too late: once your password is reset it may take a while to regain access.


November 18, 2010  9:10 PM

Worst hire ever



Posted by: Dan O'Connor
FTC, hacker, link

I can understand why the FTC would want to have someone with this skill set, but looking into his past would make all sorts of alarm bells go off.

http://www.forbes.com/forbes/2010/1206/technology-chris-soghoian-federal-trade-commission-agent-provocateur.html

Even the stuff he pulled while working for them; I would have liked to have been around for the conversations that management was having after all those. Even the conversations before he was hired, about how they justified the risk of hiring this guy, and if he is the one they picked, what the heck were the guys that they turned down like?


November 16, 2010  12:22 AM

Google's Suspicious Connection Warning



Posted by: Dan O'Connor
gmail, google, java, osx, trojan

Well, I know I have liked this in the past when I saw it fire off on me when traveling. At that time it seemed to have worked immediately. I have always wondered if it would really work.

I can say for now that it does, but not as fast as I thought it would.

My account was accessed from an IP in China; looks like my wife picked up a trojan on her Mac. That in itself is full of awesome.

Good is not sharing multiple passwords across multiple sites.

Bad is having all of that account information in one place.

Luckily I was sitting on it right when it happened, so I was able to stay logged in, log out all of the other sessions and change the password.

Let's not do that again.


November 13, 2010  2:27 AM

PDF Challenge



Posted by: Dan O'Connor
game, pdf

http://honeynet.org/challenges/2010_6_malicious_pdf

Yea!

Another challenge to do. I have been doing a lot of research into exploiting with PDFs, so it's nice timing for this. I hope to have some information posted soon on what I have been doing and the results of my testing.

But I think I am going to have to stop that for a while to do this!

Good luck.


November 9, 2010  11:52 PM

The evolution of Facebook clickjacking



Posted by: Dan O'Connor
click jacking, clickjacking, facebook

How much further can clickjacking on Facebook go?

Right now the main ones that I have seen are working either to gather information (or are just a proof of concept) or to use a browser vulnerability on the redirected page to infect the host.

Another from the Sophos blog tries to get you on a monthly cell plan.

http://nakedsecurity.sophos.com/2010/11/09/jetblue-tickets-scam-spreads-via-facebook-jezebel/

What else could you do?

What about harvesting Facebook passwords? What good is that? Well, I can't say the number, but I bet there are more people than not that use the same password for everything! You could also use this in password research, combining information such as what people do, age, work history, and geographical location to build a model of what kind of password they would use. Why not?

I could also see targeted spear phishing attacks with clickjacking.

Sounds like something fun!


November 4, 2010  11:46 PM

SonicWall IPS evasion



Posted by: Dan O'Connor
dce rpc, dce rpc fragmentation, fragmentation, ips, ips evasion, metasploit, SonicWall, sonicwall ips evasion

Well this did work a few weeks ago.

http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=5860

Until a week or so ago, someone could use the DCE/RPC fragmentation evasion in Metasploit to pass attacks through a SonicWall. The evasion splits a single DCE/RPC request into several smaller PDUs carried over the SMB/NetBIOS session, so a signature that expects to see the whole pattern inside one PDU never matches; only an engine that reassembles the fragments before inspection sees the original request.

This has been known since at least 2006 or so, when Snort implemented a dynamic preprocessor to reassemble this traffic in its engine. Several other UTMs have the ability to detect this type of traffic, most of them based on the Snort preprocessor.
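The following is an added example, not code from the original post or from SonicWall, Snort or Metasploit. It builds connection-oriented DCE/RPC request PDUs from a constructed stub (the marker string and padding are hypothetical, standing in for whatever bytes a real signature would match), splits the stub across fragments the way Metasploit's DCERPC::fragsize evasion option does, and then runs two inspectors over the result: a naive one that matches each PDU on its own, and one that reassembles fragments by call_id between PFC_FIRST_FRAG and PFC_LAST_FRAG, which is the approach the Snort dcerpc preprocessor takes. The header layout follows the DCE 1.1 RPC specification; auth trailers are deliberately not handled.

```python
"""DCE/RPC request fragmentation: per-PDU signature evasion versus reassembly.
Added example; not code from the original post, SonicWall, Snort or Metasploit."""
import struct

# Connection-oriented DCE/RPC constants (DCE 1.1 RPC specification).
PTYPE_REQUEST = 0x00
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
COMMON_HDR_LEN = 16           # rpc_vers .. call_id
REQ_HDR_LEN = 24              # common header + alloc_hint, context_id, opnum
NDR_DREP = b"\x10\x00\x00\x00"  # little-endian integers, ASCII, IEEE floats

# Constructed stub data: a hypothetical marker standing in for the bytes an
# IPS signature would match, padded on both sides.
SIGNATURE = b"EVIL_STUB_PATTERN"
STUB = b"A" * 40 + SIGNATURE + b"B" * 40


def build_request(stub, call_id=1, context_id=0, opnum=0, frag_size=None):
    """Encode stub bytes as one or more DCE/RPC request PDUs.

    frag_size caps the stub bytes carried per PDU (the knob Metasploit's
    DCERPC::fragsize evasion option turns); None sends one unfragmented PDU.
    """
    if frag_size is None:
        frag_size = max(len(stub), 1)
    if frag_size < 1:
        raise ValueError("frag_size must be positive")
    chunks = [stub[i:i + frag_size] for i in range(0, len(stub), frag_size)] or [b""]
    pdus = []
    for idx, chunk in enumerate(chunks):
        flags = 0
        if idx == 0:
            flags |= PFC_FIRST_FRAG
        if idx == len(chunks) - 1:
            flags |= PFC_LAST_FRAG
        frag_length = REQ_HDR_LEN + len(chunk)
        common = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_REQUEST, flags,
                             NDR_DREP, frag_length, 0, call_id)
        # alloc_hint carries the total stub size; context_id/opnum repeat per fragment.
        req = struct.pack("<IHH", len(stub), context_id, opnum)
        pdus.append(common + req + chunk)
    return pdus


def parse_request(pdu):
    """Parse one request PDU into flags, call_id, context_id, opnum and stub bytes."""
    if len(pdu) < REQ_HDR_LEN:
        raise ValueError("PDU shorter than request header")
    vers, _minor, ptype, flags, _drep, frag_length, auth_length, call_id = \
        struct.unpack("<BBBB4sHHI", pdu[:COMMON_HDR_LEN])
    if vers != 5 or ptype != PTYPE_REQUEST:
        raise ValueError("not a DCE/RPC v5 request PDU")
    if frag_length != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    if auth_length:
        raise ValueError("auth trailers are not handled in this example")
    _alloc_hint, context_id, opnum = struct.unpack("<IHH", pdu[COMMON_HDR_LEN:REQ_HDR_LEN])
    return {"flags": flags, "call_id": call_id, "context_id": context_id,
            "opnum": opnum, "stub": pdu[REQ_HDR_LEN:]}


def naive_detect(pdus, signature=SIGNATURE):
    """Per-PDU matching: fires only if one PDU's stub holds the whole pattern."""
    return any(signature in parse_request(p)["stub"] for p in pdus)


def reassemble(pdus):
    """Rebuild complete stubs keyed by call_id, FIRST_FRAG through LAST_FRAG."""
    partial = {}    # call_id -> (opnum, growing stub buffer)
    complete = []   # (call_id, opnum, full stub)
    for raw in pdus:
        p = parse_request(raw)
        cid = p["call_id"]
        if p["flags"] & PFC_FIRST_FRAG:
            partial[cid] = (p["opnum"], bytearray())
        if cid not in partial:
            raise ValueError("fragment for call_id %d without FIRST_FRAG" % cid)
        opnum, buf = partial[cid]
        buf += p["stub"]
        if p["flags"] & PFC_LAST_FRAG:
            del partial[cid]
            complete.append((cid, opnum, bytes(buf)))
    return complete


def reassembling_detect(pdus, signature=SIGNATURE):
    """Match against reassembled stubs, so fragmentation no longer hides the pattern."""
    return any(signature in stub for _cid, _opnum, stub in reassemble(pdus))


if __name__ == "__main__":
    whole = build_request(STUB)
    fragged = build_request(STUB, frag_size=8)
    print("unfragmented: naive=%s reassembling=%s"
          % (naive_detect(whole), reassembling_detect(whole)))
    print("frag_size=8 (%d PDUs): naive=%s reassembling=%s"
          % (len(fragged), naive_detect(fragged), reassembling_detect(fragged)))
```

With frag_size=8 the 97-byte stub becomes 13 PDUs and the 17-byte marker can never sit inside one fragment, so the per-PDU matcher stays silent while the reassembling matcher still fires; that gap is exactly what the signature-only inspection described above was missing. A production reassembler also has to bound the per-call buffer and evict stale partial calls, otherwise a peer can exhaust memory with FIRST_FRAG PDUs that never complete.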

Last week I was successfully getting ms10_061 past the SonicWall's IPS engine and AV engine using the fragmentation. I did not specifically choose ms10_061, but it was in the list of top 10 blocked attacks on the dashboard.

Ta-Da!

It worked.

Turn off the frag:

Nothing

On:

Right through like Jim Morrison.

I reported the issue to SonicWall and, after some debate, there is a new signature.