
March 30, 2006

Why I think FrSIRT officially sucks.

So, you may remember that I posted a week or so ago about FrSIRT going to a paid subscription model, and that I promised to take an unbiased look at the new FrSIRT VNS (pay) service through the 14-day free trial. I signed up right away, and I've got one day left with the trial. 13 days was about 12 days more than I needed to see that it was not worth my money.

I signed in with my trial ID and password, and proceeded to step through the "wizard" on setting up my notifications, how I'd like to receive them, etc. I set up that I want to receive all notifications (not just systems that affect my environment), because that's how I keep abreast of all of the vulnerabilities and exploits - a good pen tester has a cache of exploits for just about everything, or at least knows where to find them. So, in my opinion the filtering of alerts is way cool, and I can see the value (although not for me). So far, so good.

Next, I selected the delivery method. Plaintext e-mail for me thanks! PDFs and a few other options were available, but I'm a simple guy. Again, I can see the value here as well, and plaintext works just fine for me (just as it always has). Again, so far so good.

FrSIRT also assigned my own personal RSS feed for the items I selected. Cool. I like.

Now to the REAL value for me. Exploits. Would I like to receive notifications on new exploits? I sure would! As fate would have it, guess what is not available to trial members. Yup, you guessed it; exploits. This is where it turns bad, real fast.

Now, the FrSIRT folks, via their e-mails, promised that the trial account would let me see the value of the VNS service. Sure, I can see it, I'm just not allowed to use it. It is clear that it does have something to do with the new French laws, which apparently state that I have to pay to see. Clearly I haven't paid, so by law I can't see. I'm all for being law abiding, even though I really do want to see.

Now here is the kicker: All of those features that they promised, you know, the free ones with the trial account? Vulnerability reporting, right. Guess what doesn't work? Yup. RSS feed empty. E-mails? None. Yes, I checked my junk mail. And my spam filter. And my anti-virus gateway too. Nothing.

I don't care who you are, that's suckage right there (with all due respect to Larry the Cable Guy).

Maybe I did something wrong.

However, I have noticed that milw0rm and SecurityFocus have increased their coverage of exploits, and for that I thank them. Sounds like a great alternative to me.

- L

March 29, 2006

Vuln: FreeRADIUS Multiple Remote Vulnerabilities

Now I wouldn't normally post something like this, but I thought it was valuable due to some research that Paul and I have been doing - specifically regarding tinyPEAP (a third party firmware for the Linksys WRT54G).

The tinyPEAP project uses FreeRADIUS for the RADIUS server in the firmware, which is a great way to implement WPA-Enterprise on the WRT54G, in one standalone box. The problem is, I can't find anywhere on the tinyPEAP webpage, or in the forums, what version of FreeRADIUS their implementation is based on. Given that the last release of tinyPEAP was on 4/9/05, I can't imagine that it is terribly new, and it is more than likely vulnerable to all of the remote attacks described in the advisory.

At this point, I'd have to advise against the use of tinyPEAP, until it can be confirmed that their implementation of FreeRADIUS is not vulnerable. I'd suggest looking at OpenWRT instead, as I believe that they have an implementation of RADIUS as well - and if they use a vulnerable version, you can put money on it that they will update it ASAP - the OpenWRT project is actively maintained, and under active development.

- L

Vuln: FreeRADIUS Multiple Remote Vulnerabilities

FreeRADIUS Multiple Remote Vulnerabilities

Ophcrack 2.2 Password Cracker Released

I think that this may be a little bit older news, but I think that it was relatively timely.

Since I just learned last week that L0phtcrack has been discontinued, it is time to look for alternatives. Ophcrack is certainly one of the alternatives. I haven't used it yet, but I am going to look at it over the next few days.

- L

Ophcrack 2.2 Password Cracker Released

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.

March 28, 2006

Bugtraq: EEYE: Temporary workaround for IE createTextRange vulnerability

Paul and I predicted it with the WMF vulnerability. Looks like this will be the year of the unofficial, third-party patch. I'm still evaluating this one for deployment in my organization.

- L

Bugtraq: EEYE: Temporary workaround for IE createTextRange vulnerability

EEYE: Temporary workaround for IE createTextRange vulnerability

Illinois Man Arrested For War Driving

Don't wardrive in Illinois? What about "piggybacking"? It will be interesting to see how this plays out. It is also a great segue into the next Pauldotcom Security Weekly podcast. We are hosting an open, Skype-in show on the legality and ethicality of piggybacking on wireless networks.

- L

Illinois Man Arrested For War Driving

A man in Illinois was parked in front of a home with an open WiFi signal borrowing some Internet access when a cop stopped to ask him what he was doing. The war driver told the cop what he was doing and how he was doing it, and got arrested for breaking a little known law in Illinois.

Missed ShmooCon? Go now.

Yes, they have been posted. I'm watching them now, and they are great. I'm especially enjoying the lockpicking presentation.

- L

Missed ShmooCon? Go now.

The great people of the Shmoo have seen it fit to release videos of all the talks that were given at ShmooCon 06. Go. Have fun, and let the Shmooing BEGIN!

March 23, 2006

Configuring a free VPN solution in your home

EGAD! XP as a VPN server? Using PPTP? I don't think so.

Go for Hamachi instead. Hamachi uses proven, secure technologies (not that PPTP isn't proven, but it certainly isn't secure, especially when using MSCHAP for authentication, such as Windows XP does).

- L

Configuring a free VPN solution in your home

A very nice and easy walkthrough/screenshot article on configuring an XP machine as a VPN server, configuring a Linksys router and Windows Firewall to allow the VPN, and configuring a VPN client to connect to the server. Great for anyone needing secure file sharing capability from their office to their home.

Bugtraq: PasswordSafe 3.0 weak random number generator allows key recovery attack

I've said it before, and I'll say it again: It is rather ironic that a crypto expert has flaws in his crypto and software.

Now, I have total respect for Mr. Schneier. I'm posting this for two reasons:

1. Inform the readers. They need to be safe.

2. Stop picking on Mr. Schneier. Go find bugs in Steve Gibson's work instead.

:-)

- L

Bugtraq: PasswordSafe 3.0 weak random number generator allows key recovery attack

PasswordSafe 3.0 weak random number generator allows key recovery attack

Bugtraq: Cisco Aironet 1300 DoS condition

I had this filed away earlier this week, but lost it in the mass of news feeds.

Cisco AP 1300s running IOS 12.3(8)JA in default configurations are easy targets for DoS attacks, effectively rendering the devices unreachable. Apparently Cisco advises against running IGMP Snooping and WiFi Multimedia on the device at the same time, as they claim it will cause degradation of service. Apparently what Cisco failed to note is the severity of the degradation of service (total), and that these two options are turned on by default!

Oops.

Now, it is not apparent to me from the advisory how the DoS is set off, but maybe that is just me being stupid...

- L

Bugtraq: Cisco Aironet 1300 DoS condition

Cisco Aironet 1300 DoS condition

Network Sniffing Screensaver: PacketFountain, Now that's Cool!!

A screen saver to display network traffic. The Matrix is here.

Thanks to irongeek for this one. I'm always impressed by his stuff.

It does appear to be a bit buggy, but I'm going to give it a test on my multiple monitor setup anyways - I put irongeek's 3 monitor setup to shame with 4, 17" flat panels.

- L

Network Sniffing Screensaver: PacketFountain, Now that's Cool!!

This guy managed to create a Screensaver that sniffs out your network using VB6 and WinPcap and then displays packets realtime on your Screensaver. Geek way to see what's goin' on at your Lan.

March 21, 2006

Brief: Web site takes exploits private

Ok, some more explanation from FrSIRT on why they went to a subscription based model.

Apparently the French government has been putting pressure on them regarding some new laws on computer exploits, so in order to comply with the law they had to move to a subscription based model, which they claim they do not intend to profit from.

I call shenanigans.

First, if that was the case, why was it such a big secret? FrSIRT could have said that they were doing this because they needed to be law abiding. That's cool, and I would respect that, but to not put any reasoning out there until they were called on it is a load of crap. I don't respect that.

Second, if they are not intending to make a profit from it, why does it cost $4500 USD a year per person? It seems that they were giving it up for free for a long time as K-otik and as FrSIRT. So why not comply with the laws as a subscription for a token amount (say $10 USD per year)? Seems like it was the first rock of crack for free to me - now that I'm hooked, I gots to pay. Sure, you could argue that the new service is offering more, and is customizable and so on, but to me it is not worth it.

Now that being said, I just got my 14 day trial to check out the new features (after far more than the 72 hours as indicated), so I will really be able to make up my mind if the new features can justify the cost. I'm going to give it an open mind, and be sure to post here when I have a full impression.

- L

Brief: Web site takes exploits private

Web site takes exploits private

March 17, 2006

Don't let friends use Internet Explorer

Anyone need a toolbar? Or some spyware?

I'm glad most of my readers don't use IE. In fact, it doesn't even show up in the top 10 browsers.

- L

Don't let friends use Internet Explorer (ROFL)

A bit too much of toolbars, don't you think? :)

March 16, 2006

CeBIT exhibitors flunk wireless security test

I thought that this was interesting. Apparently CeBIT exhibitors like to implement unsecured wireless networks. Happy hacking guys!

- L

CeBIT exhibitors flunk wireless security test

More than half of the wireless networks deployed at the Cebit technology show in Hanover, Germany, last week had no encryption enabled, making the systems behind them prime targets, according to Kaspersky Lab Ltd.

March Microsoft Security Bulletins Released, (Wed, Mar 15th) id1190

Time to get patching, Windows guys and gals.

MS06-012: Critical exploit that could allow arbitrary code to be run on a Windows system as the user when opening malformed documents with any MS Office product. The important thing with this one is that Proof of Concept code is already public.

MS06-013: Important Windows privilege escalation. This one could be used in conjunction with the PoCs for MS06-012 to gain full control of the system. Sure, it is possible that other privilege escalation techniques could be used, but this one is new, and attackers would most likely find this one unpatched if they were to move quickly.

- L

March Microsoft Security Bulletins Released, (Wed, Mar 15th) id1190

As covered in the pre-announcement, Microsoft released two bulletins today: MS06-012: Critical ...(more)...

March 15, 2006

FrSIRT: Public exploits section have been definitively closed. Exploits and PoCs are available to FrSIRT VNS subscribers only.

So, when were they going to announce this? Did I miss something?

I love the info out of FrSIRT, and I'd like to subscribe but I can't - they don't post the pricing on the web page, and you have to e-mail for pricing. Why can't they put that info on the web page?

- L

Public exploits section have been definitively closed. Exploits and PoCs are available to FrSIRT VNS subscribers only.

March 09, 2006

Sean Bonner finds censorware director's infantilism past

Why do I find this story about SmartFilter utterly hilarious and ironic?

...and yes, tech news from SuicideGirls.com

- L

Sean Bonner finds censorware director's infantilism past

dating back to 1996, Usenet never forgets

Vuln: Multiple Vendor TCP Packet Fragmentation Handling Denial Of Service Vulnerability

This one will be interesting to follow...

TCP fragmentation is mishandled by all sorts of Windows, Linux kernel 2.4 and AIX systems, and all of them are affected. Allegedly some undisclosed Cisco stack implementations are also affected.

The discoverer calls this "New Dawn Attack" which is allegedly a variant of the "Rose Attack". Let's see if the mainstream media picks up on this one.

- L

Vuln: Multiple Vendor TCP Packet Fragmentation Handling Denial Of Service Vulnerability

Multiple Vendor TCP Packet Fragmentation Handling Denial Of Service Vulnerability

March 08, 2006

Bargain: 10'000 infected PC's for only 25$, (Wed, Mar 8th) id1173

What a bargain! I guess the laws of supply and demand really are true!

The good folks over at the Internet Storm Center have received a report from a reader that they have an e-mail claiming to offer a 10,000 host botnet for only $25.

Hell, I'll take two, they're small!

- L

Bargain: 10'000 infected PC's for only 25$, (Wed, Mar 8th) id1173

Just got this one, sent in by a reader who received it as email: Dear Sir/Madam, Hello! We are inte ...(more)...

Skype emotions DoS

If you are in a chat session in Skype version 1.4 and you send a huge number of emoticons in the chat session, the 1.4 clients go right in the toilet. My understanding is that this is only the case with the Windows version.

Paul and I tested this with version 2.0 on both Mac and Windows yesterday, and both seemed to be unaffected.

- L

Skype emotions DoS

Application crashes on large number of emote icons. Applications: skype 1.4 (07.03.2006)

March 07, 2006

Researcher hacks Microsoft Fingerprint Reader

Break out those fingerprint sniffers!

Microsoft's fingerprint reader sends fingerprints from the device to the PC unencrypted, which could be sniffed in transit. The vendor says that encryption is available on the device, but it appears to have been disabled by Microsoft.

It is too bad that Microsoft turned something good into something not so good. Now that being said, Microsoft said that it was never intended to be for security, but for convenience.

- L

Researcher hacks Microsoft Fingerprint Reader

A security researcher has shown how hackers could steal fingerprint information using Microsoft's Fingerprint Reader.

March 03, 2006

'Keylogger text' spooks Symantec

I had to get a chuckle out of this one.

Norton Firewall and Norton Internet Security users get bumped from IRC when someone in a channel they are participating in types "startkeylogger" or "stopkeylogger", which the Norton software interprets as a botnet client. It is good to know that the product does work, but it will be great fun to try out the next time you are on IRC to see who is using those Norton products. Can you say "information disclosure"?

Symantec promises a fix soon.

- L

'Keylogger text' spooks Symantec

Boo to a (Norton) ghost

Script kiddies have latched onto a minor glitch in Symantec security software to boot users off Internet Relay Chat (IRC) channels. Typing "startkeylogger" or "stopkeylogger" in an IRC channel results in the involuntary logoff of users of Norton Firewall and Norton Internet Security suites, The Washington Post reports.…

Fedex Kinko's smart cards hacked

This is an awesome video of the guys from Secure Science Corporation doing a demo of the Fedex Kinkos smartcard hack.

Apparently, Fedex Kinkos tried to deny that this was possible, and now states that it is no harm to the users. While I agree that it probably poses no harm to the users, it could certainly harm Fedex Kinkos. Clearly it is possible, contrary to what Fedex Kinkos claims.

Now, smartcard hacking is not a new thing. The satellite folks have been doing this type of thing for years. However, the challenge becomes finding the correct code, and applying patches in an extremely small memory space. Apparently the Fedex Kinkos deal is a total no-brainer.

Remember, stealing satellite TV, and forging Fedex Kinkos smart cards and claiming a refund could be construed as fraud. That being said, there is a Fedex Kinkos right down the street. I might go pick up a few cards to check out and see how they work.

- L

Fedex Kinko's smart cards hacked

fedex kinkos express card

Researchers at Secure Science Corporation have managed to break the ExpressPay system used at FedEx Kinko’s stores which is provided by enTrac. The cards are write protected using a 3 byte security code. You can sniff this data using a logic analyzer and then use the code to write any data you want to the card since it is unencrypted. The security code is the same across all cards. FedEx Kinko’s stated that the article is inaccurate, so Lance James and Strom Carlson made a video of themselves doing the hack in the store: They purchase a card for $1.00 from the kiosk and then use it to log into a computer and show the balance of $1.00. They log out and use a separate laptop and card reader/writer to change the balance to $50.00 and modify the serial number. Next they use the card to log back into a computer and show the balance of $50.00. They let one minute pass so that $0.20 is charged to the card. Finally they log out and use the self-service kiosk to print out a receipt showing their balance of $49.80 with the fake serial number. At this point the attacker can take the card to the service counter and ask for the balance in cash.

[thanks Sith from Midnight Research Labs]


March 02, 2006

An Assignment From Professor Packetslinger of the School of Loose Screws, (Wed, Mar 1st)

I agree with everything that the fine handlers over at the ISC have said.

It appears that "Professor Packetslinger" has asked "his" students, as part of an assignment, to perform a pen-test against a machine across the internet. No prior permission is mentioned, which is bad.

So, if the students complete the assignment as directed, they are breaking the law. It would also seem that the professor, by coercing the students to break the law, is an accessory. The yet unnamed university will not intervene with the professor, but will refer students who scan university systems to the appropriate university authorities. Now that, my friends, is screwed up.

The moral of the story:

Always get permission.

- L

An Assignment From Professor Packetslinger of the School of Loose Screws, (Wed, Mar 1st)

...(more)...

Data center for the paranoid

Paranoid? I think not. Safe? I'm sure.

Their setup is fairly unique with the level of security that they have implemented. To me, this offers some precious insight on things that you may want to consider for your own data centers and disaster recovery sites. Now, depending on your risk, the security measures may be significantly less, and require less security, but the basic concepts are the same:

  • Physical security
  • Power availablilty
  • Protection from electromagnetic attacks
  • Redundant paths for data and utilities

- L

Data center for the paranoid

"The Bunker" is situated in England. It is an impregnable fortress 30 meters below ground. It has three-meter-thick concrete walls, steel doors weighing over two tons, 24-hour watch, guard dogs and CCTV. It offers protection from attacks including crackers, terrorists, electro-magnetic pulse, electronic eavesdropping, HERF weapons and solar flares.

SiteAdvisor plug-in warns surfers of dodgy sites

I'm going to check this out, especially if it is free. It looks like it might be a great temporary solution to help some users determine if they are going to sites that they shouldn't, in environments that are typically required to be "open", such as higher-ed. I've been asked by users "How can I tell I'm going to bad sites?", and this may be a good way to get this sorted.

- L

SiteAdvisor plug-in warns surfers of dodgy sites

Web surfers can now get a little free advice on the trustworthiness of the sites they visit, thanks to a new browser plug-in released Wednesday by Boston's SiteAdvisor Inc.

March 01, 2006

'Crossover' malcode could jump from PC to handheld

This one will be interesting to watch.

Exploit code that runs on a Windows box checks for the OS version and for ActiveSync connections. If all of the appropriate conditions are met, the code gets transferred to the handheld device.

Now here is where the "Hat not quite white" part comes in: Make this code work in reverse - handheld to PC transfer - and then combine it with Bluetooth and SMS transfer abilities (such as some other handheld worms have), and your world domination plans would be complete.

- L

'Crossover' malcode could jump from PC to handheld

Researchers say they've found the first malicious code built to spread from desktop PCs to wireless handhelds, and it could signal a shift in the threat landscape.