Archive for July, 2008

Reading Rainbow: Episode 11

Friday, July 18th, 2008

Windows has its place in today’s world. Here are some examples of places where it is, and really shouldn’t be. http://www.networkworld.com/community/node/29644

Many companies provide their employees with company cell phones. When text messaging is enabled, a unique privacy issue arises over when the message logs may be obtained. TechRepublic’s article explains how the law bears on this issue. http://blogs.techrepublic.com.com/security/?p=490&tag=nl.e036

Which browser is most secure? Which is best ‘out of the box’? This article goes through three popular browsers and discusses their security issues and strengths. http://itmanagement.earthweb.com/…E+vs.+Safari+vs.+Firefox.htm

I recently re-discovered this set of web-radio shows and thought I would post the link. They don’t have a huge selection of shows currently, but the 40 or so that are posted are really top notch. I have recently been working through the series on the Linux Boot Process and cannot recommend it highly enough. http://hackerpublicradio.org/

Quantum physics applied to security. That’s right. By tracking the quantum states of photons, researchers have found a way to exchange a cryptographic key over a link on which eavesdropping is detectable: anyone intercepting the photons necessarily disturbs their state, so the two ends can spot the intrusion and discard the compromised key rather than trust it. http://www.economist.com/sci…fm?story_id=11703138
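To see why measuring the photons gives the eavesdropper away, here is a small simulation of BB84, the best-known protocol of this kind. This is an added example written for this post, not code from the article, and it does not claim the article’s system is BB84 specifically. Photons are modelled as (bit, basis) pairs; measuring in the wrong basis yields a random bit and re-prepares the photon, which is the disturbance that an intercept-and-resend eavesdropper cannot avoid. The sizes, seed and names are my own choices.

```python
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two measurement bases used in BB84


def bb84_run(n_photons, eavesdrop, seed=0):
    """Simulate one BB84 exchange; return (sifted_key_length, error_count).

    Constructed simulation for illustration. A photon is a (bit, basis) pair.
    Measuring in the preparing basis returns the bit; measuring in the other
    basis returns a random bit and leaves the photon prepared in the measuring
    basis, so the original state is lost.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]

    def measure(photon, basis):
        bit, prep_basis = photon
        if basis == prep_basis:
            return bit
        return rng.randrange(2)  # wrong basis: outcome is random

    photons = list(zip(alice_bits, alice_bases))

    if eavesdrop:
        # Intercept-resend attacker: guess a basis per photon, measure, and
        # forward a fresh photon carrying the observed bit in the guessed basis.
        eve_bases = [rng.randrange(2) for _ in range(n_photons)]
        photons = [(measure(p, b), b) for p, b in zip(photons, eve_bases)]

    bob_bits = [measure(p, b) for p, b in zip(photons, bob_bases)]

    # Sifting: bases (not bits) are compared over a public channel and only
    # positions where Alice and Bob chose the same basis are kept.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    errors = sum(alice_bits[i] != bob_bits[i] for i in keep)
    return len(keep), errors


def qber(n_photons, eavesdrop, seed=0):
    """Quantum bit error rate: the fraction of the sifted key on which Alice
    and Bob disagree. Zero on a clean channel; about 0.25 with an
    intercept-resend eavesdropper, because she guesses the wrong basis half
    the time and that wrong guess flips Bob's bit half the time."""
    kept, errors = bb84_run(n_photons, eavesdrop, seed)
    return errors / kept


if __name__ == "__main__":
    print("clean channel QBER:", qber(4000, eavesdrop=False))
    print("eavesdropped QBER:", qber(4000, eavesdrop=True))
```

In practice Alice and Bob sacrifice a random sample of the sifted key to estimate this error rate; a rate well above the channel’s known noise floor means the run is discarded, which is the “detectable eavesdropping” property the article describes.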

Think you know everything there is to know about information security? This quiz is nowhere near comprehensive, but does ask a few interesting questions. http://www.newsfactor.com/…00Q2H0VF&page=5

Net Perspective has recently created a blog section for their developers and designers. As an ex-employee, I recommend keeping up with this set of blogs as these individuals are some of the top in the industry. http://blog.net-perspective.com/

Using RefControl

Wednesday, July 9th, 2008

Continuing my web application penetration testing series, this post covers the usage of RefControl, a Firefox extension for controlling the Referer header. RefControl is useful for testing referrer-based defenses, such as the referrer checks many sites use against CSRF.

RefControl

RefControl allows you to specify the referrer that is sent for a site when you view it. The Tools->RefControl options dialog holds the global list of all rules you have set for all sites. The right-click menu shows the current settings for the site you are visiting; if you have set no rules for it yet, you can add a new rule from there.

After selecting the RefControl options for the current site, you can add a custom referer, send no referer at all, or have RefControl automatically send the root of the current site.

What use is this? With the tidal wave of CSRF exploits being found, a tool that helps find them is welcome. This is where RefControl comes in. While referrer checking is not a robust safeguard against CSRF, many sites still rely on it. By setting RefControl’s custom referrer to an off-site value you can test forms and links carrying GET variables simply by interacting with the site as you normally would: if a state-changing request still goes through, that form or link should be inspected further. Keep in mind that the request is still made from your own logged-in browser, so a site that relies only on per-session tokens (token key pairs) will also accept it, because your browser submits a valid token; such a site looks “vulnerable” to this probe but is not vulnerable to CSRF. This is why it is important to keep investigating after the probe succeeds, for example by replaying the request without the token, rather than simply recording it as a vulnerability. It is also worth repeating the probe with the “send no referer” option, since some referrer checks only reject a wrong referrer and wave through a missing one.
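The following is an added example, not part of the original post or of RefControl itself, that simulates the workflow above against a state-changing endpoint under four server policies: no check, a strict referrer check, a lenient referrer check that tolerates a missing Referer, and a synchronizer token. The host name shop.example, the form fields and the policy names are assumptions for the simulation. It shows both the false positive the paragraph warns about (a token-protected site accepts the off-site referrer) and the missing-referrer bypass that “send no referer” exposes.

```python
from urllib.parse import urlparse
import secrets

# Hypothetical target host for the simulation (assumption, not from the page).
SITE_HOST = "shop.example"


class Session:
    """A logged-in tester session holding a per-session anti-CSRF token."""

    def __init__(self):
        self.csrf_token = secrets.token_hex(16)


def referer_allows(request, strict):
    """Referrer-based CSRF defense.

    strict=True rejects a missing Referer; strict=False tolerates it, which
    many sites do because proxies and privacy tools strip the header. That
    tolerance is exactly what RefControl's 'send no referer' setting probes.
    The full host is compared, so 'shop.example.attacker.example' or
    'https://attacker.example/shop.example' do not pass a substring check.
    """
    referer = request["headers"].get("Referer")
    if referer is None:
        return not strict
    return urlparse(referer).netloc == SITE_HOST


def token_allows(request, session):
    """Synchronizer-token defense: the form must carry the session's token."""
    supplied = request["form"].get("csrf_token", "")
    return secrets.compare_digest(supplied, session.csrf_token)


def transfer(policy, request, session):
    """Simulated state-changing endpoint; returns an HTTP-style status code."""
    if policy == "referer_strict" and not referer_allows(request, strict=True):
        return 403
    if policy == "referer_lenient" and not referer_allows(request, strict=False):
        return 403
    if policy == "token" and not token_allows(request, session):
        return 403
    return 200


def probe(policy):
    """The RefControl workflow: submit the real form with an off-site referer,
    then with no referer, then confirm by replaying each without the token
    (which a real cross-site attacker would not know)."""
    session = Session()
    form = {"to": "attacker", "amount": "100", "csrf_token": session.csrf_token}
    no_token = {k: v for k, v in form.items() if k != "csrf_token"}
    offsite = {"Referer": "https://attacker.example/"}
    requests = {
        "offsite_referer": {"headers": offsite, "form": form},
        "no_referer": {"headers": {}, "form": form},
        "replay_offsite_no_token": {"headers": offsite, "form": no_token},
        "replay_no_referer_no_token": {"headers": {}, "form": no_token},
    }
    return {name: transfer(policy, req, session) for name, req in requests.items()}


def assess(policy):
    """Turn the probe results into a finding, separating leads from confirmed issues."""
    results = probe(policy)
    lead = results["offsite_referer"] == 200 or results["no_referer"] == 200
    confirmed = (results["replay_offsite_no_token"] == 200
                 or results["replay_no_referer_no_token"] == 200)
    if confirmed:
        return "vulnerable"
    if lead:
        return "lead only: accepted foreign referer but token-protected"
    return "protected by referer check"


if __name__ == "__main__":
    for policy in ("none", "referer_strict", "referer_lenient", "token"):
        print(policy, probe(policy), "->", assess(policy))
```

Note that the lenient policy passes the first RefControl probe (the off-site referrer is rejected) and only falls to the “send no referer” variant, which is why both settings belong in the test.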

Another interesting use of RefControl is setting the custom referrer to include SQL metacharacters, such as a single quote. Many sites log the Referer header to a database for analytics, and this lets the penetration tester check whether that header is validated (or, better, passed as a bound parameter) like any other input.
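As an added example (my own, not code from the post or from any real analytics product), here is a minimal hit logger written both ways, with the two Referer values a tester would try in RefControl: a lone apostrophe to see whether the logger errors out, and a value that smuggles a subquery into the logged row. The table layout, the config table holding a secret, and the probe strings are constructed for the demonstration.

```python
import sqlite3

# The Referer value a tester would set in RefControl. It closes the quoted
# string, supplies a subquery as the 'path' column of the logged row, and then
# opens a second dummy row so the remainder of the original statement still
# parses. No SQL comment is needed, which keeps the probe to one statement.
PROBE_REFERER = "http://attacker.example/', (SELECT secret FROM config)), ('x"


def make_db():
    """Constructed schema: an analytics table plus a config table with a secret."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE hits(referer TEXT, path TEXT);
        CREATE TABLE config(secret TEXT);
        INSERT INTO config VALUES ('admin-api-key-0000');
    """)
    return db


def log_hit_vulnerable(db, referer, path):
    """The Referer header is spliced into the statement as SQL text."""
    db.execute("INSERT INTO hits(referer, path) VALUES ('%s', '%s')" % (referer, path))


def log_hit_safe(db, referer, path):
    """Same insert with bound parameters: the header is stored as data only."""
    db.execute("INSERT INTO hits(referer, path) VALUES (?, ?)", (referer, path))


def quote_breaks(logger):
    """First probe: does a single apostrophe in the Referer cause a database
    error? On a real site this usually surfaces as a 500 response."""
    db = make_db()
    try:
        logger(db, "'", "/index")
    except sqlite3.OperationalError:
        return True
    return False


def logged_paths(logger):
    """Second probe: log one hit with PROBE_REFERER and return what was stored
    in the path column. With the vulnerable logger the secret from the config
    table appears there; with the safe logger only the genuine path does."""
    db = make_db()
    logger(db, PROBE_REFERER, "/index")
    return [row[0] for row in db.execute("SELECT path FROM hits")]


if __name__ == "__main__":
    for logger in (log_hit_vulnerable, log_hit_safe):
        print(logger.__name__, quote_breaks(logger), logged_paths(logger))
```

On a real engagement the stored value would surface wherever the analytics are displayed, so a referrer payload is also a common route to stored cross-site scripting in the reporting page, which is worth checking at the same time.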

Oops….

Monday, July 7th, 2008

It has been brought to my attention that the P3P settings in Firefox 2 have actually been disabled. I missed this in my research as I was going more to understand how it worked and simply assumed that it did work. Mozillazine states that “P3P functionality is not present in Firefox and will probably be removed from Mozilla Suite (see bug 225287).” (http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries as provided in a comment on my Cookies, Cookies, Cookies posting.)

I apologize for missing this fact; however, the concepts of P3P and third-party cookies are still valid, so I will leave the posting up.

Reading Rainbow: Episode 10

Monday, July 7th, 2008

“90% of emails sent are spam” is a statistic found in the following article. With such a large percentage of email being spam, protection techniques need to become proactive rather than reactive. One method being suggested is tracking the sources and flow of email traffic. http://sify.com/finance/fullstory.php?id=14698112

In my continuing search for information pertaining to cyber warfare I have found the following two articles. The first describes why global hackers are so hard to detect and the problems, both security-related and political, that this creates. The second shows that France is making an effort to join the “digital front line” and explains its strategy for getting into the cyber warfare game. http://www.livescience.com/technology/080619-chinese-hackers.html http://news.xinhuanet.com/english/2008-06/19/content_8402780.htm

This article lists 10 of the most infamous “black hats” over the years along with what they are known for doing. Interestingly enough, the fact that they are known shows they are not quite as good as people make them out to be. http://www.itpro.co.uk/603831/ten-of-the-most-infamous-black-hat-hackers

With anti-virus software and firewalls on the rise, malware writers have moved to targeting routers. By changing a router’s DNS settings the attacker controls name resolution for every host behind it, and with it where their traffic goes. Pointing sites to malware-ridden pages or conducting man-in-the-middle attacks are only the beginning of this potential. http://www.itpro.co.uk/603852/new-trojan-threat-able-to-control-network-routers

“Be careful what you say” is something we’ve all heard, but in the current day and age perhaps “be careful what you email” is more relevant. Two Bear Stearns hedge fund managers have been brought up on charges for misleading investors. Part of the evidence is email records showing that these two knew the market was not where they claimed it to be. http://biz.yahoo.com/ap/080620/bear_stearns_investigation.html

MySQL may be partially going closed source thanks to Sun, but IBM is taking DB2 toward open source. It is not going to be put out for all eyes directly, but according to Chris Livesey it is inevitable that DB2 will end up in the open source world. Read more here: http://news.cnet.com/IBM-to-open-source-DB…1694.html?tag=html.alert.hed

For those of you old enough to remember some of Blizzard’s classics: Diablo and Diablo II (and Lord of Destruction), it seems Blizzard is going to be blessing us with Diablo III. So far 2 character classes have been released, the barbarian and the witch doctor. http://www.blizzard.com/diablo3/

Stupid Spammers

Thursday, July 3rd, 2008

Spam is annoying.

Spam trying to avoid spam filters with its 1337 5p34k is more annoying.

Idiotic spammers are the worst. I have been receiving spam from myself for quite some time, but only today did I actually think before simply clearing it out. Why would a spammer send me spam from a spoofed address that is mine? Obviously it would help to avoid certain filters, ones looking at allowed or disallowed email addresses. This method of filtration is extremely weak, however, and any decent spam filter would still block the email. I also verified that these emails were in fact spoofed and that my account had not been hijacked. They were indeed spoofed emails.

Beyond my confusion over the reasoning for using the rcpt address as the From address, one question remained: Who would open spam from themselves?

Here is a collection of subject lines I have received… from myself.

  • Try these on the dirtiest surfaces in your home..
  • Get up to 15OO USD by tomorrow..
  • Vl@gra Cl@lis 72.5324% Save
  • dirty teein stripping sincerode

Funny… I don’t remember sending any of these emails to myself.

and… we’re back!

Thursday, July 3rd, 2008

After nearly a month of no updates, I have returned to post again. Just because I haven’t been posting doesn’t mean that articles aren’t in the works. There are quite a few posts sitting in various stages of partial completion that I will be working to get posted soon. This week’s Reading Rainbow will cover many of the articles I’ve read since the last episode, so it alone should make for decent reading.

Here’s a sneak peek at what’s in store:

  • Backtrack2 Wireless Shell-script
  • A continuation of the penetration testing series focusing on RefControl and the User Agent Switcher
  • My commentary on the “hacker mindset”