Friday, December 21, 2012

Security is Inconvenient, Deal With It!

ZDNet had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it, because I'm certain that this is a result of plain and simple laziness.

Here are my arguments for why I think it's laziness: First, this is Samsung we're talking about here. This error should have been caught in code review or QA. Second, according to the first post, the primary use of /dev/exynos-mem is

graphic usage like camera, graphic memory allocation, hdmi. By activating pid display in kmsg, surfaceflinger does mmap on the device (via one of the three shared libraries above?? I have not seen a reference in the binary to these libraries).


Ideal Skill Set for Penetration Testing

Based on questions I’ve gotten over the years and specifically in class, I’ve decided that we need to address some basic skills that every penetration tester should have. While we can’t realistically expect everyone to have the exact same skill set, there are some commonalities.


1. Mastery of an operating system. I can’t stress how important it is. So many people want to become hackers or systems security experts without actually knowing the systems they’re supposed to be hacking or securing. It’s common knowledge that once you’re on a target/victim, you need to put on the hat of a sysadmin, at least to some degree. After all, having root means nothing if you don’t know what to do with root. How can you cover your tracks if you don’t even know where you’ve left tracks? If you don’t know the OS in detail, how can you possibly know everywhere things are logged?


2. Good knowledge of networking and network protocols. Being able to list the OSI model DOES NOT qualify as knowing networking and network protocols. You must know TCP inside and out. Not just that it stands for Transmission Control Protocol, but the structure of the packet, what’s in it, and how it works in detail. A good place to start is TCP/IP Illustrated by W. Richard Stevens (either edition works). Know the difference between TCP and UDP. Understand routing, and be able to describe in detail how a packet gets from one place to another. Know how DNS works, and know it in detail. Understand ARP, how it’s used and why it’s used. Understand DHCP. What’s the process for getting an automatic IP address? What happens when you plug in? What type of traffic does your NIC generate when it’s plugged in and tries to get an automatically assigned address? Is it layer 2 traffic? Layer 3 traffic?
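The DHCP question above has a concrete answer, and the fastest way to learn it is to build the packet yourself. The following is an added example, not code from the original post: it assembles a DHCPDISCOVER exactly as RFC 2131/2132 lay it out, wraps it in the UDP, IP and Ethernet headers the stack adds, then parses the frame back apart. The MAC address and transaction ID are constructed sample values. Nothing is sent on the wire, so it runs offline.

```python
import socket
import struct

# Field layouts from RFC 2131 (DHCP message) and RFC 2132 (options).
BOOTREQUEST = 1
DHCPDISCOVER = 1
DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_PARAM_REQ_LIST, OPT_END = 0, 53, 55, 255
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236 bytes in front of the magic cookie


def build_dhcp_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER payload as a freshly plugged-in NIC with no address sends it."""
    assert len(mac) == 6
    fixed = struct.pack(
        FIXED_FMT,
        BOOTREQUEST, 1, 6, 0,                        # op, htype=Ethernet, hlen=6, hops
        xid, 0, 0x8000,                              # transaction id, secs, flags: broadcast bit set
        bytes(4), bytes(4), bytes(4), bytes(4),      # ciaddr/yiaddr/siaddr/giaddr: no IP yet
        mac.ljust(16, b"\0"), bytes(64), bytes(128), # chaddr, sname, file
    )
    options = (
        bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
        + bytes([OPT_PARAM_REQ_LIST, 3, 1, 3, 6])    # please include subnet mask, router, DNS servers
        + bytes([OPT_END])
    )
    return fixed + DHCP_MAGIC + options


def parse_dhcp(payload: bytes) -> dict:
    """Walk the fixed header, then the TLV option list, the way a server or a sniffer does."""
    f = struct.unpack(FIXED_FMT, payload[:236])
    if payload[236:240] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6], "chaddr": f[11][:f[2]], "options": options}


def ip_checksum(header: bytes) -> int:
    """RFC 791 ones-complement sum; yields 0 when run over a header whose checksum field is already filled in."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(dhcp: bytes, mac: bytes) -> bytes:
    """Wrap the payload as the stack does: UDP 68->67, inside IP 0.0.0.0->255.255.255.255, inside an Ethernet broadcast."""
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp   # UDP checksum 0 = not computed (legal on IPv4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)                        # v4/IHL=5, TTL 64, proto 17 (UDP)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = b"\xff" * 6 + mac + b"\x08\x00"                          # dst broadcast, src us, EtherType IPv4
    return eth + ip + udp


def parse_frame(frame: bytes) -> dict:
    """Peel the layers off again: the answer to "layer 2 or layer 3?" is both."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    udp = frame[14 + ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    return {
        "eth_dst": frame[:6], "ethertype": ethertype,
        "ip_ok": ip_checksum(ip) == 0, "proto": ip[9],
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport,
        "dhcp": parse_dhcp(udp[8:ulen]),
    }


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")          # constructed sample MAC, not a real device
    frame = encapsulate(build_dhcp_discover(mac, 0x3903F326), mac)
    info = parse_frame(frame)
    print("L2: dst %s, EtherType 0x%04x" % (info["eth_dst"].hex(":"), info["ethertype"]))
    print("L3: %s -> %s, proto %d, header checksum ok=%s"
          % (info["src_ip"], info["dst_ip"], info["proto"], info["ip_ok"]))
    print("L4: UDP %d -> %d, DHCP message type %d"
          % (info["sport"], info["dport"], info["dhcp"]["options"][OPT_MSG_TYPE][0]))
```

Read the output against the questions in the text: the client has no IP yet, so the IP source is 0.0.0.0 and the destination is the limited broadcast; the frame is also a layer 2 broadcast so every host on the segment sees it. That is why a rogue DHCP server on the same segment can answer first.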


3. If you don’t understand the things in item 2, then you can’t possibly understand how an ARP spoof or a MITM attack actually works. In short, how can you violate or manipulate a process if you don’t even know how the process works, or worse, don’t even know the process exists? Which brings me to the next point: in general, you should be curious as to how things work. I’ve evaluated some awesome products in the last 10 years, and honestly, after I see one work, the first thing that comes to my mind is “how does it work?”
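To make the ARP spoofing point concrete, here is an added example (not from the original post) that builds raw ARP request and reply frames, then runs a small watcher over a constructed three-frame exchange: the victim asks for the gateway, the gateway answers, and an attacker sends an unsolicited reply claiming the gateway's IP. The MACs and IPs are made-up sample values. Unlike a host's ARP cache, the watcher keeps the first binding it saw and raises an alert instead of silently overwriting it.

```python
import socket
import struct

ETH_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
BROADCAST = b"\xff" * 6


def build_arp(oper: int, sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    """One Ethernet frame carrying one ARP message. Requests go to the broadcast MAC, replies straight to the target."""
    eth_dst = BROADCAST if oper == ARP_REQUEST else target_mac
    eth = eth_dst + sender_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sender_mac,
                      socket.inet_aton(sender_ip), target_mac, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, or None if it is not ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"oper": oper, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa), "eth_src": frame[6:12]}


class ArpWatch:
    """IP->MAC table like a host's ARP cache, except a changed binding is flagged rather than accepted."""

    def __init__(self):
        self.table = {}       # ip -> first MAC seen claiming it
        self.pending = set()  # (requester ip, requested ip) for requests we have seen
        self.alerts = []      # (kind, ip, old mac or None, new mac)

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None:
            return
        if arp["oper"] == ARP_REQUEST:
            self.pending.add((arp["spa"], arp["tpa"]))
            self._learn(arp)
            return
        # A reply nobody asked for is the classic poisoning move: the victim's cache takes it anyway.
        key = (arp["tpa"], arp["spa"])
        if key in self.pending:
            self.pending.discard(key)
        else:
            self.alerts.append(("unsolicited-reply", arp["spa"], None, arp["sha"]))
        if arp["sha"] != arp["eth_src"]:
            self.alerts.append(("header-mismatch", arp["spa"], arp["eth_src"], arp["sha"]))
        self._learn(arp)

    def _learn(self, arp):
        ip, mac = arp["spa"], arp["sha"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            self.alerts.append(("binding-changed", ip, known, mac))   # keep the first binding, just flag it


def sample_traffic():
    """Constructed frames: victim asks for the gateway, gateway answers, attacker then claims the gateway's IP."""
    gw_mac = bytes.fromhex("0a0000000001")
    victim_mac = bytes.fromhex("0a0000000010")
    atk_mac = bytes.fromhex("0a0000000099")
    gw_ip, victim_ip = "192.168.1.1", "192.168.1.10"
    return [
        build_arp(ARP_REQUEST, victim_mac, victim_ip, bytes(6), gw_ip),  # "who has 192.168.1.1?"
        build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),     # legitimate answer
        build_arp(ARP_REPLY, atk_mac, gw_ip, victim_mac, victim_ip),    # spoof: 192.168.1.1 "is at" the attacker
    ]


def analyze(frames):
    watch = ArpWatch()
    for f in frames:
        watch.observe(f)
    return watch


if __name__ == "__main__":
    w = analyze(sample_traffic())
    for kind, ip, old, new in w.alerts:
        print("%-18s %-14s %s -> %s" % (kind, ip, old.hex(":") if old else "-", new.hex(":")))
```

The third frame is the whole attack: the victim's cache now maps the gateway's IP to the attacker's MAC, so its outbound traffic goes through the attacker's box. A full MITM sends the mirror-image reply to the gateway (claiming the victim's IP), and the attacker forwards packets in both directions so nothing appears broken.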


4. Learn some basic scripting. Start with something simple like VBScript or Bash. As a matter of fact, I’ll be posting a “Using Bash Scripts to Automate Recon” video tonight, so if you don’t have anywhere else to start, you can start there! Eventually you’ll want to graduate from scripting and start learning to actually code/program, or in short, write basic software (hello world DOES NOT count).


5. Get yourself a basic firewall, and learn how to configure it to block/allow only what you want. Then practice defeating it. You can find cheap used routers and firewalls on eBay, or maybe ask your company for old ones. Start with simple ACLs on a router. Learn how to scan past them using basic IP spoofing and other simple techniques. There’s no better way to understand these concepts than to apply them. Once you’ve mastered this, you can move to a PIX or ASA and start the process over again. Start experimenting with trying to push Unicode through it, and other attacks. Spend time on this site and other places to find info on doing these things. Really, the point is to learn to do them.


6. Know some forensics! This will only make you better at covering your tracks. The implications should be obvious.


7. Eventually learn a programming language, then learn a few more. Don’t go and buy a “How to program in C” book or anything like that. Figure out something you want to automate, or think of something simple you’d like to create, for example a small port scanner. Grab a few other port scanners (like nmap), look at the source code, and see if you can figure any of it out. Then ask questions on forums and other places. Trust me, it’ll start off REALLY shaky, but just keep chugging away!
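Since the post suggests a small port scanner as a first project, here is one as an added example (my code, not the author's and not nmap's). It does TCP connect() scans with a thread pool, distinguishes open/closed/filtered by how the connection attempt fails, and grabs the banner a service volunteers. To run offline it starts a throwaway listener on 127.0.0.1 with a constructed banner; the port number is whatever the OS hands out.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

BANNER = b"220 demo service ready\r\n"   # constructed banner for the throwaway listener below


def probe(host: str, port: int, timeout: float = 0.5):
    """TCP connect() probe: completes the three-way handshake, so it needs no privileges but is loud in the target's logs."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return port, "open"
        except ConnectionRefusedError:
            return port, "closed"      # RST came back: host is up, nothing listening
        except socket.timeout:
            return port, "filtered"    # no SYN/ACK and no RST: something is dropping packets
        except OSError as e:
            return port, "error:%s" % e.errno


def grab_banner(host: str, port: int, timeout: float = 1.0) -> bytes:
    """Many daemons talk first; read whatever they volunteer before sending anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""


def scan(host: str, ports, workers: int = 64, timeout: float = 0.5) -> dict:
    """Probe every port concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: probe(host, p, timeout), ports))


def start_listener():
    """Throwaway server on 127.0.0.1 so the scanner has a known-open port to find offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free one
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listener was closed
            try:
                conn.sendall(BANNER)
            except OSError:
                pass                  # scanner hung up before we could talk
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def demo():
    """Scan the neighbourhood of the listener's port and grab its banner."""
    srv, port = start_listener()
    try:
        ports = [p for p in (port - 1, port, port + 1) if 1 <= p <= 65535]
        results = scan("127.0.0.1", ports)
        banner = grab_banner("127.0.0.1", port)
    finally:
        srv.close()
    return port, results, banner


if __name__ == "__main__":
    port, results, banner = demo()
    for p, state in sorted(results.items()):
        print("%5d/tcp  %s" % (p, state))
    print("banner on %d: %s" % (port, banner.decode(errors="replace").strip()))
```

Compare this with nmap's default SYN scan: a connect() scan finishes the handshake, so the service's accept() fires and it will log you, whereas a half-open SYN scan needs raw sockets (root) but never completes the connection. Reading the difference in nmap's source is exactly the exercise the post recommends.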


8. Have a desire and drive to learn new stuff. This is a must; it’s probably more important than everything else listed here. You need to be willing to put in some of your own time (time you’re not getting paid for) to really get a handle on things and stay up to date.


9. Learn a little about databases and how they work. Go download MySQL and read some of the tutorials on how to create simple sample databases. I’m not saying you need to be a DB expert, but knowing the basic constructs helps.


10. Always be willing to interact and share your knowledge with like-minded professionals and other smart people. Some of the most amazing hackers I know have jobs like pizza delivery and janitorial work; one is a marketing exec, another is actually an MD. They do this strictly because they love to. And one thing I see in them all is their excitement and willingness to share what they’ve learned with people who actually care to listen and are interested in the same.


These things should get you started. Let me know if you have questions or comments.


Keatron.

Tuesday, December 18, 2012

Hackers at the Controls

An FBI report seen here details what could be seen as the elite hacking sect of Anonymous, AntiSec, using a backdoor to compromise an air-conditioning control system in New Jersey.

This leads me to the question of how vulnerable the government and private sectors are to this type of compromise of SCADA and building control systems.

Most hack jobs are attempts at ‘low hanging fruit’ or extraction of data. If the players are looking to ‘step it up’, then the heart of the data centers must be considered.

All of them, large and small, require the same components:

- Power

- HVAC (heat exchange)

- Flame Retardant Systems

- Secondary Power (UPS and generators)

- Physical Controls

- Space and Equipment

This may fall under facilities or IT, or a mixture of both, but a lot of it is vendor-supported, which means the controls go out the window.

Default or low strength passwords may be common!


Read more...

Cybercrime Will Eclipse Terrorism

Cybercriminals are becoming a threat that rivals terrorist groups like al Qaeda, according to the nation's top law enforcement official.

"Terrorism does remain the FBI's top priority, but in the not too-distant-future we anticipate that the cyberthreat will pose the greatest threat to our country," FBI Director Robert Mueller told a gathering of security professionals on Thursday at RSA's annual conference in San Francisco.

"Today, terrorists have not used the Internet to launch a full-scale cyberattack, but we cannot underestimate their intent," he said.

In the wake of the Sept. 11 attacks, the FBI invested heavily to develop new skill sets and formed more than 100 joint anti-terrorism task forces with other government agencies, military branches and local law enforcement organizations.


Read more...

Monday, December 17, 2012

Google.Com Now 'Censors' Explicit Content From Image Searches

Search giant Google has modified its "SafeSearch" feature, which has removed most pornographic, not-safe-for-work (NSFW) or explicit content from its image search results.

First reported on news-sharing site Reddit, hundreds of users have reacted angrily to the move. The new options only appear to affect Google.com for now, whereas other regional sites -- such as Google.co.uk -- have not yet changed. (My search history is not looking good right now.)

Google search users now have to be a little more specific before receiving goods of an explicit nature. For example, if one were to type in a particular sexual act, Google.com will no longer dish up what one was expecting. If users are more specific in what they are after, then it will return what one expected in the first place.

Five Arrested In High-Profile Cyberattacks

NEW YORK (CNN) -- Top members of the computer hacker group "Anonymous" and its offshoots were arrested and charged Tuesday after a wide-ranging investigation used the help of a group leader who was working as a secret government informant.

Five of the suspects, considered by investigators among the "most sophisticated hackers in the world," were arrested in the United States and Europe and charged in a Manhattan federal court over their alleged role in high-profile cyberattacks against government agencies and large companies, according to an indictment.

A sixth man, Hector Xavier Monsegur, a notorious hacker known as "Sabu," pleaded guilty in August to computer hacking and other crimes.

Friday, December 14, 2012

Google Hacking With GGGoogleScan

GGGoogleScan
GGGoogleScan is a Google scraper which performs automated searches and returns the results of search queries in the form of URLs or hostnames. Datamining Google’s search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGoogleScan is to make automated searches possible by avoiding the search activity that is detected as bot behaviour [1]. Basically, we can enumerate hostnames and URLs with the GGGoogleScan tool, which can prove a valuable resource later on.

This tool has a number of ways to avoid being detected as a bot; one of them is horizontal searching, where we search for multiple search words in parallel without requesting the contents of, for example, the first 50 results found by each query. Instead, we make a large number of search queries, save the results, and only request a small number of the web pages that were found as a result of scanning.


Read more...

Thursday, December 13, 2012

Hexed – Working Effectively In The Hex Editor

I love my hex editor! I mean I really do. As reverse engineers and binary explorers, the hex editor is arguably the most used tool for human binary reconnaissance. From format exploration to file rebuilding, it’s the best utility in our toolkit, with a great legacy of its own. From the diverse range of editors to the breadth of features provided, it might seem a little daunting to first timers and redundant to advanced types. It’s my goal in this article to highlight the various features of this mighty tool that might just make your day. Let’s get to it.
What should you expect from your editor?

Locating your bytes:

The main display is always a hex byte representation of the binary file arranged in a tabular fashion.
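To show what that main display actually is, and the two operations you do in it all day (locate bytes, patch them), here is an added example in Python that is not part of the article: a hexdump renderer in the usual offset / hex / ASCII layout, a search that takes a hex string the way an editor's search box does, a little-endian field read, and a size-preserving overwrite that refuses to run past the end of the buffer. The 51-byte sample is constructed for the demo and is not any real file format.

```python
import re


def hexdump(data: bytes, base: int = 0, width: int = 16):
    """Render bytes the way the editor's main pane does: offset column, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%08x  %-*s  |%s|" % (base + off, width * 3 - 1, hexpart, text))
    return lines


def find_all(data: bytes, pattern: bytes):
    """Every offset at which the byte pattern occurs (overlapping hits included)."""
    hits, i = [], data.find(pattern)
    while i != -1:
        hits.append(i)
        i = data.find(pattern, i + 1)
    return hits


def find_hex(data: bytes, hex_pattern: str):
    """Search by hex string as typed into a search box, e.g. '50 4b 03 04' or '504b0304'."""
    return find_all(data, bytes.fromhex(re.sub(r"\s+", "", hex_pattern)))


def read_u32le(data: bytes, offset: int) -> int:
    """Pull a little-endian 32-bit field, the read you do constantly when walking a header by hand."""
    return int.from_bytes(data[offset:offset + 4], "little")


def overwrite(data: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite-mode patch: the length never changes, so every offset after the edit stays valid."""
    if offset < 0 or offset + len(new) > len(data):
        raise ValueError("patch of %d bytes at 0x%x runs past end (len 0x%x)" % (len(new), offset, len(data)))
    return data[:offset] + new + data[offset + len(new):]


# Constructed sample: 4-byte tag, two little-endian u32 fields, 20 bytes of padding, then a string.
SAMPLE = (b"DEMO" + (0x1000).to_bytes(4, "little") + (0x2A).to_bytes(4, "little")
          + bytes(20) + b"Hello, hex editor!\x00")


if __name__ == "__main__":
    for line in hexdump(SAMPLE):
        print(line)
    print("field at 0x04:", hex(read_u32le(SAMPLE, 4)))
    print("'Hello' at:", [hex(o) for o in find_hex(SAMPLE, "48 65 6c 6c 6f")])
    patched = overwrite(SAMPLE, 4, (0x2000).to_bytes(4, "little"))
    print("after patch:", hex(read_u32le(patched, 4)))
```

The overwrite check matters more than it looks: an editor in insert mode silently shifts every later offset, which is how a "one byte" patch to a header ends up corrupting the section table behind it.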


Read more...

Google's Android Malware Detection Falls Short

Android appears to be on a trajectory to become the Windows of mobile operating systems, but there's a downside to ubiquity. Rising market share means increasing attention from malware authors.

Sophos, a computer security company, asserts that there is a growing malware problem for Android devices and that Android devices are less safe than iOS or Windows Phone devices. The FBI has noticed too, issuing a warning in October about risks facing Android users.

Read more...

Tuesday, December 11, 2012

Hacktivist Group Team Ghostshell Takes Credit For Extensive Breach

The hacktivist group Team Ghostshell took credit Monday for the release of 1.6 million accounts and records stolen from government and private organizations covering aerospace, law enforcement, the military, the defense industry and banking.

Among the organizations the group claimed to have stolen information from were NASA's Center For Advanced Engineering, the Department of Homeland Security (DHS) Information Network, the FBI's Washington division in Seattle, the Federal Reserve and Interpol.


Read more...

Monday, December 10, 2012

China Mafia-Style Hack Attack Drives California Firm to Brink

During his civil lawsuit against the People’s Republic of China, Brian Milburn says he never once saw one of the country’s lawyers. He read no court documents from China’s attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. 

That doesn’t mean Milburn’s adversary had no contact with him.

E-Reader Privacy Chart, 2012 Edition

Who's Reading What You're Reading?

E-readers are great toys, but if you are concerned about who is tracking you, do not get one.

Read more...

Scanning Web Servers With Nikto

Nikto is a tool written in Perl that performs tests against web servers in order to identify potential vulnerabilities. Nikto can be used in web application penetration tests and in some cases can produce juicy results. Specifically, if a system administrator has not configured the web server very well, or the web server is out of date or misconfigured, Nikto is capable of finding those problems.
For the needs of this article we will use Nikto to scan the web server where DVWA (Damn Vulnerable Web Application) is hosted. Before we start the scan it is always good practice to perform an update to obtain the latest plugins. This can be achieved with the -update parameter.