Archive for February, 2007
Author: Myrcurial
February 28, 2007 at 4:44 pm · Filed under News
This was part of yesterday afternoon’s links-which-matter…
HID, makers of fine contactless door security systems… have failed to study history.
Blackhat Federal is going on this week and there was to be a presentation on security issues with HID contactless readers… essentially that you can MacGyver them with $20 in eBay’d parts.
HID had an attack of legal-itis.
Yet again, Jeff Moss had to haul out the razors and remove pages from the books and recall the CDs.
“I’m not sure if it was part of HID’s strategy to drop a bomb at the last minute, but it really screwed up our conference strategy,” he said.
I know that I derailed several hundred thousand dollars in spending on Cisco gear based on their behaviour in 2005. I guess it’s time to treat HID with the same disdain that they treat their customers.
In the meantime, for all of you out there using HID contactless equipment, please review your access logs and consider turning on anti-pass-back and velocity monitoring. If you run an infrastructure critical site, seriously consider the need to add a second factor to all outdoor readers (as I can now stand behind a tree and clone your cards)… and find a different manufacturer for the replacement readers.
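An added example, not part of the original post: a small Python log review that flags the two conditions recommended above, anti-pass-back violations and velocity violations. The event layout, reader names and minimum travel time are constructed assumptions, not an HID or vendor log format.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, card_id, reader, direction).
EVENTS = [
    ("2007-02-28 08:00:05", "1001", "lobby", "in"),
    ("2007-02-28 08:01:10", "1002", "lobby", "in"),
    ("2007-02-28 08:03:30", "1001", "warehouse", "in"),  # same card, second "in"
    ("2007-02-28 12:00:00", "1002", "lobby", "out"),
    ("2007-02-28 12:30:00", "1002", "lobby", "in"),
    ("2007-02-28 17:00:00", "1001", "lobby", "out"),
]

# Assumed minimum walking time between reader pairs (site-specific in practice).
MIN_TRAVEL = {frozenset(("lobby", "warehouse")): timedelta(minutes=10)}


def review(events, min_travel=MIN_TRAVEL):
    """Return (kind, card_id, timestamp) alerts for a list of badge events."""
    state = {}      # card -> last direction seen ("in" / "out")
    last_seen = {}  # card -> (datetime, reader) of the previous read
    alerts = []
    for ts, card, reader, direction in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        # Anti-pass-back: two "in" (or two "out") reads in a row means the
        # card entered twice without leaving, e.g. a copy is in use.
        if state.get(card) == direction:
            alerts.append(("passback", card, ts))
        # Velocity: the card shows up at a different reader sooner than a
        # person could physically get there.
        if card in last_seen:
            prev_when, prev_reader = last_seen[card]
            limit = min_travel.get(frozenset((prev_reader, reader)))
            if limit is not None and when - prev_when < limit:
                alerts.append(("velocity", card, ts))
        # This is after-the-fact review, so state is updated even on a
        # violation; an enforcing controller would deny the read instead.
        state[card] = direction
        last_seen[card] = (when, reader)
    return alerts


if __name__ == "__main__":
    for alert in review(EVENTS):
        print(alert)
```

A card that trips both checks on the same read, as card 1001 does in the sample, is a strong candidate for a duplicated credential and worth pulling for re-issue.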
Author: Dave Lewis
February 28, 2007 at 8:56 am · Filed under News
From CNN (Feb 23):
Microsoft says the blockade is necessary for security reasons. But that is disputed. The circumstances might simply reflect a business decision Microsoft doesn’t want to explain.
The situation involves a technology known as virtualization. Essentially, it lets one computer mimic multiple machines, even ones with different operating systems. It does this by running multiple applications at the same time, but in separate realms of the computer.
Virtualization has long been used in corporate data centers as a way to increase server efficiency or to test programs in a walled-off portion of a machine. The technology also has been available for home users, but often at the expense of the computer’s performance.
I find it funny that the article has an Apple advertisement embedded in it.
Tags: Vista, Virtualization, Windows Security
Author: Dave Lewis
February 28, 2007 at 8:51 am · Filed under Malware
Well, we talked about RSS hacking the other day, and now we see a slight twist on this using the Storm Worm. The original Storm Worm ran rampant in January, infecting home user computers for the most part.
The new Storm Worm variant attacks the machines of unsuspecting users when they open an email attachment, click on a malicious email link or visit a malicious site, said Dmitri Alperovitch, principal research scientist at Secure Computing.
But the twist comes when these people later post blogs or bulletin board notices. The software will insert into each of their postings a link to a malicious website, said Alperovitch, who rates the threat as “high”.
So, this worm is taking the RSS attack to a new place. Users will unwittingly be contributing to the spread of the worm.
Be sure to keep your antivirus software up to date.
Tags: Storm Worm, Blog Hacking, Malware, Blogs, Blog Posting, Trojan
Author: Dave Lewis
February 27, 2007 at 2:43 pm · Filed under News
Sorry for the late start. I was sitting in a doctor’s office all morning…sigh.
A special hello to the folks from NORAD that were good enough to spend some time on the site today. Glad you stuck around.
- Lawsuits, patent claims silence Black Hat talk (hope to see this presentation at Defcon. Anyone have a copy of it?)
- EFF Lawsuit Seeks Release of Secret Court Orders on Electronic Surveillance
- When Government Sides With The Crackers
- The stickiest scam on the Internet?
- Private Police Forces
- Hacker who set up dates on ex’s account avoids jail
- Vista Worse For User Efficiency Than XP
- SEC sues ‘hacker’ firm for insider trading
- Microsoft probing holes in Vista, IE 7
Tags: News, Daily Links, Security, Weblog, Vista Holes, SEC, Hacker, Cracker, Scam, EFF
Author: Dave Lewis
February 27, 2007 at 2:25 pm · Filed under Conventions
I’m all booked up for Black Hat / DefCon this summer. I’m really looking forward to it. It’s really the only conference that I have been to in the last few years that I have managed to learn from in any measure. Mind you, I was not at HOPE or ShmooCon. Sadly, the tickets were sold out before I realized they were on sale.
Looking forward to seeing you all in July.
Tags: Black Hat, Conferences, Defcon
Author: Myrcurial
February 27, 2007 at 1:16 pm · Filed under Conventions
So, the big “post conference letdown” has set in (which inspires the planning for the next (: ) and I’ve finally worked my way through a little issue that FileVault and I were having.
In all of its glory…
Tags: taunting, tools, rsa, narus
Author: Dave Lewis
February 26, 2007 at 11:58 am · Filed under News
Monday…snow storms…bad traffic…all work and no play…
- The Dissection of a Rootkit
- Malaysia cracks down on Internet scam
- Taiwan trials contactless credit cards
- List of Default Router Passwords (via Schneier)
- Congressman Wants Answers About TSA Site
- Microsoft convicted to a fine of $1.52 billion
- Blighty Vista “overcharging” attacked
- Polymorphic Protector
Tags: News, Daily Links, Security, Weblog, Morning Coffee, Vista, Microsoft Fined, TSA, Router Passwords, Rootkits
Author: Dave Lewis
February 26, 2007 at 10:18 am · Filed under SCADA Security
New Zealand organisations will find their online defences tested for the first time in a huge international cyber-security exercise being coordinated by the US Department of Homeland Security next year.
Private and public-sector organisations will be involved in next March’s Cyber Storm II attack simulation, along with organisations in the US, Canada, the UK and Australia.
The exercise will simulate, on a private network, a series of hacking and “cyber-terrorism events” attempted via the internet.
Lucky you
Tags: Cyber Storm, Attack Simulation, Cyber Storm 2
Author: Dave Lewis
February 26, 2007 at 9:10 am · Filed under Vulnerability, Web Security
This was posted over the weekend. There are some vulns in Firefox that have been addressed with the release of 1.5.0.10 and 2.0.0.2 respectively.
From Secunia:
Description:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user’s system.
1) An error in the handling of the “locations.hostname” DOM property can be exploited to bypass certain security restrictions.
For more information:
SA24175
2) An integer underflow error in the Network Security Services (NSS) code when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the “Master Secret”.
Successful exploitation may allow execution of arbitrary code.
NOTE: Support for SSLv2 is disabled in Firefox 2.x. This version is only vulnerable if user has modified hidden internal NSS settings to re-enable SSLv2 support.
3) It is possible to conduct cross-site scripting attacks against sites containing a frame with a “data:” URI as source.
Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
4) It is possible to open windows containing local files thereby stealing the contents when the full path of a locally saved file containing malicious script code is known. This can be exploited in combination with a flaw in the seeding of the pseudo-random number generator causing downloaded files to be saved to temporary files with a somewhat predictable name.
Successful exploitation requires that a user is tricked into visiting a malicious website and opening a blocked popup.
5) Browser UI elements like the host name and security indicators can be spoofed using a specially crafted custom cursor and manipulating the CSS3 hotspot property.
6) It may be possible to gain knowledge of sensitive information from a website due to an error resulting in two web pages colliding in the disk cache thereby potentially appending part of one document to the other.
Successful exploitation requires that a user is tricked into visiting a malicious website while visiting the target website.
7) Various errors in the Mozilla parser when handling invalid trailing characters in HTML tag attribute names and during processing of UTF-7 content when child frames inherit the character set of its parent window can be exploited to conduct cross-site scripting attacks.
8) A vulnerability in the Password Manager may be exploited to conduct phishing attacks.
For more information:
SA23046
9) Multiple memory corruption errors exist in the layout engine, JavaScript engine, and in SVG. Some of these may be exploited to execute arbitrary code on a user’s system.
10) An error within the handling of the onUnload event handler and self-modifying document.write() calls can be exploited to corrupt memory and potentially execute arbitrary code.
Tags: Secunia, Firefox, Browser Vulnerabilities
Author: Dave Lewis
February 25, 2007 at 6:23 pm · Filed under Administravia
Hey folks. If you tried to access the site earlier today and had problems we would like to apologize. The power company that handles the data center was good enough to down the site. Well, the support folks worked diligently and managed to restore the systems as they came back up.
Things should be all better now. Thanks for your emails.