Hacker Life: Hackers Life is a daily updated security related blog. We offer information on the latest advisories, viruses, press releases, papers, etc.

Remote hackers could trick users into running malicious code (2007-04-15)

Confidential vulnerability information managed by the CERT Coordination Center has again been leaked to the public, following a flurry of such leaks in March.

The latest information concerns a flaw in PDF (Portable Document Format) readers for Unix and could allow a remote attacker to trick users into executing malicious code on their machines, according to a copy of the leaked vulnerability report.

As with confidential CERT information that was leaked in March, the latest report was posted to a vulnerability discussion list by an individual using the name "hack4life."

The leaked information was taken from communication sent from CERT to software vendors affected by the PDF problem, according to Jeffrey Carpenter, manager of the CERT Coordination Center. The information appears to be from a vulnerability report submitted to CERT by a Cincinnati security researcher by the name of Martyn Gilmore.

Gilmore did not respond to requests for comment and CERT would not comment on how it obtained the PDF vulnerability information or on Gilmore's relationship with the Pittsburgh-based software vulnerability monitoring organization.

In the report, Gilmore describes a problem in the way that PDF viewing programs for the Unix platform process hyperlinks within valid PDF documents. When processing hyperlinks, common PDF readers use the Unix "shell" command (sh -c) to launch and pass commands to external programs. For example, clicking on a hyperlink for a Web page would launch the associated Web browser, according to the report.

However, Gilmore found that such programs do not properly check the syntax of such commands, enabling arbitrary shell commands to be executed on the vulnerable machine.

While attackers are limited by the privilege level of the user clicking the malicious link, the vulnerability could enable a remote attacker to use shell commands to delete files from the user's hard drive or perform other actions without the knowledge of the victim, the report said.

Adobe Systems Inc.'s Acrobat Reader 5.06 is affected by the problem in addition to the open-source reader Xpdf 1.01, according to the report.

CERT declined to discuss the details of the vulnerability.

The vulnerability information was scheduled to be released by CERT on June 23, according to an e-mail message purporting to be from hack4life that prefaced the leaked report.

The release date was obtained from CERT communications with its vendors, as well, but CERT declined to comment on whether it would be releasing an advisory regarding the PDF problem on June 23, according to Carpenter.

Hack4life cited "college and exams" for the lull in leaked CERT information in recent months and hinted at the likelihood of more disclosures in the future.

"I'll have plenty of time to keep you all up to date with what those fools at CERT are up to once college is finished," hack4life wrote.
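The flaw Gilmore describes is a command-injection pattern: the link target taken from the document is spliced into a command string that is handed to `sh -c`, so any shell metacharacters in the link are re-parsed as commands. The following is an added example, not code from the article or from any of the readers it names. It shows the `sh -c` shape for inspection only, then the fix a reader should use: check the link's scheme against an allowlist and pass the target as one argv element with no shell, so metacharacters are inert; `shlex.quote` is shown for code that genuinely cannot avoid the shell. The handler program (`HANDLER_ARGV`, a stand-in that just echoes its argument), the `ALLOWED_SCHEMES` list and the sample link targets are constructed for the example.

```python
import shlex
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed stand-in for the external viewer a PDF reader would launch for
# a hyperlink. It prints its first argument, so the example runs offline and
# shows exactly what the "browser" received.
HANDLER_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Constructed allowlist of schemes a document link may hand to an external
# program; a real reader would match this to the handlers it configures.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def vulnerable_command(link_target):
    """The shape of the bug the article describes: the link target is
    concatenated into a single string that `sh -c` will re-parse, so the
    document author controls shell syntax. Returned for inspection only;
    this example never executes it."""
    return ["sh", "-c", "browser " + link_target]


def hardened_command(link_target):
    """Fix 1: build an argv list. The link target is one argument that no
    shell ever re-parses, so ';', '&', '$(' and friends are just bytes."""
    return ["browser", link_target]


def quoted_for_shell(link_target):
    """Fix 2, only if `sh -c` truly cannot be avoided: quote the untrusted
    value so the shell sees one literal word."""
    return "browser " + shlex.quote(link_target)


def allowed_target(link_target):
    """Reject targets whose scheme is not on the allowlist before launching
    anything; the article says the affected readers did no such check."""
    scheme = urlsplit(link_target).scheme.lower()
    return scheme in ALLOWED_SCHEMES


def launch_safely(link_target):
    """Validate, then launch the handler with an argv list and no shell.
    Returns the single argument the handler actually received."""
    if not allowed_target(link_target):
        raise ValueError("refusing to launch a handler for %r" % (link_target,))
    completed = subprocess.run(
        HANDLER_ARGV + [link_target], capture_output=True, text=True, check=True
    )
    return completed.stdout.rstrip("\n")


if __name__ == "__main__":
    # Constructed link target carrying shell metacharacters.
    link = "http://example.com/path?a=1&b=2;extra-word"
    print("sh -c string:", vulnerable_command(link)[2])
    print("argv form:   ", hardened_command(link))
    print("quoted form: ", quoted_for_shell(link))
    print("handler saw: ", launch_safely(link))
```

Run it and the handler reports the whole link, metacharacters included, as a single argument; the same string inside the `sh -c` form would have been split at the `;`. The scheme check matters even with argv: it stops a document from pointing the handler at a scheme the reader never meant to hand off.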
In March, someone using the same name posted information on four vulnerabilities that CERT was investigating to the vulnerability discussion list Full-Disclosure. Those posts included sensitive information on a vulnerability in the Kerberos Version 4 protocol and a problem reported by Microsoft Corp. regarding spammers' abuse of Web redirectors, which forward users of Web portals such as MSN to IP (Internet Protocol) addresses close to their geographic location.

The PDF information was disclosed to CERT after the vulnerabilities were leaked in March, Carpenter said.

Contacted by e-mail in March, hack4life denied any affiliation with CERT and said that the reports were "stolen in a recent computer intrusion."

"Fun and amusement" was the primary motivation for stealing and leaking the vulnerability reports. A secondary motivation cited in e-mail by hack4life was anger over CERT's perceived failure to publish vulnerability information in a timely manner.

At the time, CERT officials cast doubt on hack4life's assertion that the reports were hacked, saying that the information was most likely leaked by a member of one of the development teams CERT works with to evaluate vulnerabilities.

The latest incident reaffirms CERT's belief that the problem lies with its vendors rather than with its own systems, Carpenter said. While CERT does not yet know which vendor is responsible for the leak, the organization is confident that an insider threat or compromise at one of the companies it deals with is responsible for the leaks, he said.

CERT is communicating with vendors about the problem, but Carpenter would not comment on whether CERT is working with law enforcement to catch the person responsible for the leaks.
"I'm not going to get into those specifics at this point," he said.

CERT plans to consult with affected vendors and discuss how to proceed now that the information is public, he said.

VESA adds anti-piracy tech to DisplayPort (2007-04-09)

The Video Electronics Standards Association (VESA) has posted DisplayPort version 1.1, almost a year after the digital monitor connection standard was first published.

DisplayPort is pitched as the successor to not only DVI external monitor connections but also LVDS, used to hook up notebook panels. Heck, it'll even replace VGA, VESA said in a tone suggesting the analogue standard will be around for some time yet.

DisplayPort 1.1 adds support for the HDCP 1.3 anti-duplication system, essential for allowing protected content on Blu-ray Disc and HD DVD media to be carried at full resolution to a DisplayPort-connected screen. The new spec also adds low-power and low-voltage modes.

DisplayPort is an alternative to the HDMI screen connection standard being promoted by the consumer electronics industry. The crucial difference is support for audio information: HDMI carries sound as standard, while for DisplayPort 1.1 it is optional. VESA sees DisplayPort as the standard for business-oriented systems, while HDMI will be the natural choice of monitor port for computers aimed at consumers.

Microsoft hits Middle East pirates (2007-04-09)

Microsoft is taking legal action against several companies it accuses of selling academic copies of Office to ordinary punters.

Schools and colleges can get cut-price software from Microsoft, but Microsoft says some resellers, in Jordan and elsewhere, have been selling the software on to companies and consumers in the US.

Microsoft has filed nine lawsuits and sent over 50 cease and desist letters. The legal action was started in the US, where the software was sold.

Microsoft UK anti-piracy head Michala Alexander told The Reg: "We're taking action against several global organisations who have been getting hold of academic copies of Office and selling them on in breach of the terms and conditions."

Alexander said the launch of Vista has increased piracy for older versions of Microsoft software: "It's like the end of season sale. We've not seen any Vista products in the UK yet - we made a big investment in anti-piracy measures and I think the activation process certainly helps."

As part of the same crackdown, Microsoft has settled with eDirectSoftware, one of its biggest distributors of academic software, after its involvement in a similar scheme.

Hacking as an inside job (2007-04-05)

"Leaving your Web applications insecure makes no more sense than building a brick wall but using a gate made from chain link fencing." – James Gaskin

Whenever the President of the United States travels anywhere, numerous individuals are charged with making sure the President is secure and unharmed from attack. This is the premise behind Internet security. The work you have done on your site is the product of valuable time and energy. For some business owners the website represents significant research and creative energy. It is possible for a vulnerable website to be hijacked and remade into something that resembles your website in name only, or to have safeguarded data copied for the use of a third party.

One of the biggest mistakes a website owner can make is leaving that work unguarded. As reported in recent years, hacking of a computer system can occur either from within a company or from a remote location, which makes the use of Internet security so important.

"Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race." – Dr. Charles C. Palmer

Some hackers argue they are not involved in felonious activities, but are simply seeking knowledge and using the internet to find answers. However, the U.S. Government views the activity as a felony, punishable under applicable state and federal laws.

It should be noted that the meaning of the term "hacker" has shifted. No longer is it used only to describe someone gifted at programming who is able to break a website's code to gain access to information. Today a hacker is also someone who misappropriates company data.
Typically this scenario involves an inside, and often trusted, source.

"System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities." – Dr. Charles C. Palmer

In many cases, businesses are now making a non-disclosure agreement part of the hiring procedure, to provide extra legal recourse in the event that data is electronically removed and used in ways the company has not authorized.

"If a stranger came into your house, looked through everything, touched several items, and left (after building a small, out of the way door to be sure he could easily enter again), would you consider that harmless?" – Dr. Charles C. Palmer

Taking security issues seriously is a necessary part of developing a web-based business infrastructure. It may be worth exploring both on-site and off-site security features as a means of ensuring the long-term usability of your website.

Avoiding Internet Fraud and Scams (2007-04-05)

As ever more people use the internet for shopping, business transactions, online banking, etc., the incidence of internet fraud and scams has shot up in an alarming fashion. Not only has the level of internet crime increased, but the scammers and fraudsters grow cleverer and more sophisticated every day. What can you do to fight back? In this article I will describe the most common scams of today so that you can recognize them for yourself, and I will suggest how you might deal with them. Read on and find out how to avoid being taken!

Most of us are familiar with the dangers to our computers from viruses and similar destructive programs.
There are many "fake" virus threats, however, which do no actual harm but can cause people to become alarmed and perhaps waste a lot of time. A recent example of this type of scam is the Death Ray virus scam, which threatened to cause your computer to "explode in a hellish blast of glass fragments and flames". A virus can damage software and files, but NO virus can physically damage your computer hardware. If you inadvertently open an email containing such a threat, simply delete the email and ignore it.

Then there is the classic "Nigerian" money scam. I put Nigerian in quotes because this particular scam started off purporting to come from Nigeria but now can originate from virtually any country. The most common are from countries where the political situation is such that the claims made in the scam are plausible. This is how it works. You will receive an email from someone saying that their money, usually a huge sum, is tied up in local banks. They need the money to pay bills or perhaps to get out of the country safely. You are asked to help them by having the money transferred to your account, and you will be given a percentage of the cash for allowing them access. Needless to say, once they have your bank account details you will never hear from them again, but you will see a large depletion of the money in your account!

You have probably heard of "phishing". This refers to a particularly nasty scam which uses your personal details (credit card, bank account, social security number, etc.) to enable the thief to purchase goods, withdraw money and so on, all in your name. Never give your personal details in an email. Be sure that any web page that asks for such information is secure. Its address will begin with https:// rather than just http://, and there will be a padlock icon in the right hand corner of your task bar. Clicking on the padlock will present a screen which gives details of the website's security certificate.

Anything which says you have won a valuable prize in a competition or lottery which you did not enter should immediately start the warning bells ringing. You are likely to see many variations on this scam, including getting free cases of coke, free clothing from high profile stores, free cases of beer, free Dell computers and free cell phones. Usually you have to pay a fee to receive your prize. Once you have paid the fee you will never hear anything more. There is the added danger here of the thieves possibly having access to your credit card details.

A particularly deplorable form of scam is the one relating to "work at home" opportunities. These prey on people on low incomes or the unemployed, people who are desperate for money. A rosy picture will be painted of the large amount of money that will be made for carrying out some menial task such as filling envelopes. They will ask for a fee upfront to pay for the supplies you will need to get started. You know you've been had when the supplies arrive: paper clips, paper, rubber bands and the like, at four times what you would pay for the items in your local store. Not only that, but when you complete any tasks you are set and send the work to them, they will say it was not up to the required standard and refuse to pay you. That is, if you ever hear anything at all. If you are interested in working at home there are plenty of legitimate companies out there. They won't contact you first and they won't ask for money from you before sending you work.

Computer Security, Viruses And Threats (2007-04-05)

Today, many people rely on computers to do homework, work, and create or store useful information.
Therefore, it is important for the information on the computer to be stored and kept properly. It is also extremely important for computer users to protect their computers from data loss, misuse, and abuse. For example, it is crucial for businesses to keep the information they hold secure so that hackers can't access it. Home users also need to take steps to make sure that their credit card numbers are secure when they are taking part in online transactions. A computer security risk is any action that could cause loss of information, software or data, cause processing incompatibilities, or damage computer hardware; many of these actions are deliberately planned to do damage. An intentional breach of computer security is known as a computer crime, which is slightly different from a cybercrime. A cybercrime is an illegal act carried out over the internet, and cybercrime is one of the FBI's top priorities. There are several distinct categories of people who commit cybercrimes, and they are referred to as hacker, cracker, cyberterrorist, cyberextortionist, unethical employee, script kiddie and corporate spy.

*The Hacker.
The term hacker was originally a good word, but now it has a very negative connotation. A hacker is defined as someone who accesses a computer or computer network unlawfully. They often claim that they do this to find leaks in the security of a network.

*The Cracker.
The term cracker has never been associated with anything positive; it refers to someone who intentionally accesses a computer or computer network for malicious reasons. It's basically an evil hacker. They access it with the intent of destroying or stealing information. Both crackers and hackers are very advanced in their network skills.

*The Cyberterrorist.
A cyberterrorist is someone who uses a computer network or the internet to destroy computers for political reasons. It's just like a regular terrorist attack because it requires highly skilled individuals, millions of dollars to implement, and years of planning.

*The Cyberextortionist.
The term cyberextortionist refers to someone who uses email as an offensive force. They would usually send a company a very threatening email stating that they will release some confidential information, exploit a security leak, or launch an attack that will harm the company's network. They request a sum of money to prevent the threat from being carried out, a bit like blackmail.

*The Unethical Employee.
An unethical employee is an employee who illegally accesses their company's network for any of numerous reasons. One could be the money they can get from selling top secret information; others may be bitter and want revenge.

*The Script Kiddie.
A script kiddie is someone who is like a cracker in that they may intend to do harm, but they usually lack the technical skills. They are usually silly teenagers who use prewritten hacking and cracking programs.

*The Corporate Spy.
A corporate spy has extremely high computer and network skills and is hired to break into a specific computer or computer network to steal or delete data and information. Shady companies hire these types of people in a practice known as corporate espionage. They do this to gain an advantage over their competition, an illegal practice.

Business and home users must do their best to protect or safeguard their computers from security risks. The next part of this article will give some pointers to help protect your computer. However, one must remember that there is no way to guarantee one hundred percent protection for your computer, so becoming more knowledgeable about the risks is a must these days.

Information transferred over the internet carries a higher security risk than information transmitted within a business network, because business network administrators usually take strong measures to protect against security risks. Over the internet there is no such central administrator, which makes the risk a lot higher. If you're not sure whether your computer is vulnerable, you can always use an online security service: a website that checks your computer for email and Internet vulnerabilities. The company will then give some pointers on how to correct these vulnerabilities. The Computer Emergency Response Team Coordination Center is a place that can do this.

The typical network attacks that put computers at risk include viruses, worms, spoofing, Trojan horses, and denial of service attacks. Every unprotected computer is vulnerable to a computer virus, a potentially harmful program that infects a computer and alters the way it operates without the user's consent. Once the virus is in the computer it can spread throughout, infecting other files and potentially damaging the operating system itself.

It is similar to a virus that infects humans: it gets into the body through small openings, can spread to other parts of the body and can cause damage. In both cases the best way to avoid infection is preparation. A computer worm is a program that repeatedly copies itself and is very similar to a computer virus. The difference is that a virus needs to attach itself to an executable file and become part of it. A computer worm doesn't need to do that; it copies itself to other networks and eats up a lot of bandwidth.

A Trojan horse, named after the famous Greek myth, is a program that hides and looks like a legitimate program but is a fake. A certain action usually triggers the Trojan horse, and unlike viruses and worms it will not replicate itself. Computer viruses, worms, and Trojan horses are all classified as malicious-logic programs, which are simply programs that deliberately harm a computer. Although these are the common three, there are many more variations and it would be almost impossible to list them all. You know a computer is infected by a virus, worm, or Trojan horse if it displays one or more of these things:

* Weird messages or pictures appear on screen.
* You have less available memory than you expected.
* Music or sounds play randomly.
* Files get corrupted.
* Programs or files don't work properly.
* Unknown files or programs randomly appear.
* System properties fluctuate.

Computer viruses, worms, and Trojan horses deliver their payload or instructions in three common ways.

1 - When an individual runs an infected program. So if you download a lot of things you should always scan the files before executing them, especially executable files.

2 - When an individual boots a computer with an infected drive. That is why it's important not to leave removable media in your computer when you shut it down.

3 - When an unprotected computer connects to a network. Today, a very common way that people get a computer virus, worm, or Trojan horse is when they open an infected file sent as an email attachment.

There are literally thousands of malicious logic programs and new ones come out in great numbers, so it's important to keep up to date with the new ones that appear each day. Many websites keep track of this. There is no known method for providing 100% protection for any computer or computer network from computer viruses, worms, and Trojan horses, but people can take several precautions to significantly reduce their chances of being infected by one of those malicious programs. Whenever you start a computer you should have no removable media in the drives. This goes for CD, DVD, and floppy disks. When the computer starts up it tries to execute a boot sector on the drives, and even if it's unsuccessful, any virus on the boot sector can infect the computer's hard disk. If you must start the computer using removable media for any reason, such as when the hard disk fails and you are trying to reformat the drive, make sure that the disk is not infected.

How can you protect your computer?
The best way to protect your computer from any of the above is by using good quality internet security software. Purchasing this from a reputable security company is recommended to ensure that your software is kept up to date with the most recent virus signatures. If you are not up to date, an unrecognised virus will not be stopped by the software. A full security package will protect you from viruses, worms, Trojan horses and keyloggers, and will detect when a hacker is attempting to break into your computer and prevent them from gaining access when you are online or connected to a network. It is not advisable to use a free antivirus service as these do not provide adequate protection and are a false economy. Recommended internet

Want to become a hacker? (2007-04-05)

Monday in a "chatroom interview" in Beijing someone asked me how to become a hacker.
(Those of you visiting this web page from the People Magazine article, you should know the term "hacker" here refers to a computer programmer, not an internet vandal). <p> My interlocateur wanted to contribute to an open source project, but what tools should he use? What books should he read? Where should he hang out? Where should he start?</p><p> I've been asked this a few times so I thought I'd repeat my answer here. <a href="http://primates.ximian.com/%7Emiguel/">Miguel</a> tells me he gets this question all the time too, and gives the same answer I do. </p><p> So, I'll let you in on the secret. Here are the steps to becoming a hacker: </p><ol><li>Download the source code to the program you want to change</li><li>Untar it on your hard drive</li><li>Get it to build and run</li><li>Open the source code in an editor</li><li>Find the part of the code that you need to change to make the program do what you want it to do</li><li>Make the changes you need to make to the code and test it to make sure it works</li><li>Run the <tt>diff -u</tt> command and email the output to the mailing list</li></ol><span style="font-weight: bold;"> That's it; follow those instructions and I guarantee you will be a hacker.</span><br /><p> If there are no programs that you want to change, then maybe you don't want to be a hacker after all. Or maybe you haven't used software enough; how can you be a software user in 2005 and not have things you want to change? </p><p> Steps 1-4 sound stupid and obvious, but the fact is most people get stuck on step 1. Can you be a hacker if you don't have any source code on your computer? It might be possible but I haven't seen it done. </p><p> If you bloody your toes on step 3 a few times, don't be discouraged. It is ridiculous and humiliating but sometimes this step takes the longest and is the most difficult. </p><p> If you're lucky, step 5 is as easy as grepping the source tree for some relevant string from the program's GUI or output. 
It's more likely that you'll need to spend some time figuring out the layout of the code, sprinkling source files with <tt>printf</tt>'s as you home in on the right area. It might also help to step through things in a debugger. </p><p> Step 5 gets easier the more experience you have. The more code you've read, the more programming patterns you know. Recognizing programming idioms makes it easier to figure out what someone else was thinking when he wrote the code you're trying to change. Of course step 5 is also easier if the software you're working on was written by a programmer with a lot of experience, who tries extra hard to write easy-to-understand code. Programmers with experience write easier-to-read code because they've been through the shock of having to fix a bug in code they wrote a year earlier and recognizing nothing.<br /></p><p> </p> <p> Step 6 is commonly referred to as "hacking" but it's not always the part that takes the longest. If you're trying to hack a change into something big and complex, expect step 5 to eclipse step 6 in time consumption. One of the best hackers at Novell recently spent two months working on a hack involving <a href="http://www.wine-hq.com/">Wine</a> that ended up being a two line change. So prepare yourself mentally to spend a lot of time in step 5 before you reach step 6, and sometimes to go back from 6 to 5 a few times. </p><p> But most people don't reach this point, so if you're at step 6 you can safely call yourself a hacker. Whole books are written on how to do a good job of step 6, so I won't elaborate too much here, except to say that you probably can't be good at writing code until you've written a huge amount of it. </p><p> The real key to being a hacker is <i>getting to the point where you're hacking</i>. Without source code, a working build and a working knowledge of the layout of the code, you're not even able to start hacking. 
But once you know your way around in there and you're writing code and watching the program take shape, well, that's the fun part. </p> You just gotta get there.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-33779510.post-6482814514836177792007-04-04T17:02:00.000+08:002007-04-04T17:11:56.063+08:00McKinnon loses fight against extradition<div id="Body"><p style="font-weight: bold;">Gary McKinnon, the alleged Pentagon hacker, has lost his appeal against extradition to the US on hacking charges.</p> <p>McKinnon failed to convince Appeal Court judges on Tuesday to overturn a 2006 ruling by Home Secretary John Reid that his extradition should go ahead. The Scot now faces a US trial of breaking into and damaging US Government computers.</p>McKinnon is alleged to have hacked into computers belonging to the US Army, US Navy, US Air Force, Department of Defense, and NASA in 2001 and 2002. The Scot lost his first appeal against extradition in an High Court hearing last July but was given leave to take his case to a Appeal Court, a move that culminated in failure on Tuesday. <p>The unemployed sysadmin has had these charges over his head since March 2002 when he was arrested by officers from the UK's National High Tech Crime Unit. The case against him lay dormant until July 2005, when extradition proceedings were brought against him. His lawyers consistently argued that McKinnon ought to be tried in the UK over his alleged offences, rather than the US.</p> <p>McKinnon (AKA Solo) admits he looked at computer systems without permission, but claims he did no harm. He got involved in hacking after reading <cite>Disclosure</cite> by Stephen Grea, which convinced him that the US had harvested advanced technology from UFOs (such as anti-gravity propulsion systems) and kept this knowledge secret, to the detriment of the public.</p> <p>He was caught after US military agencies detected system intrusions which were traced back to the UK. 
UK authorities identified McKinnon as the attacker after obtaining records of British sales of a software tool called RemotelyAnywhere to McKinnon. Subsequent police work made him a prime suspect in the case, described by US authorities as the biggest military hack ever. ®</p> </div>

<h2>eBay users targeted by advanced Trojan (2007-04-04)</h2><div id="Body"><p><strong class="Label">Updated</strong> eBay users are being targeted by an advanced Trojan that attempts to redirect traffic so it can silently bid on a car from the auction site's car section, Symantec is <a href="http://www.symantec.com/enterprise/security_response/weblog/2007/03/ebay_motors_scam.html" target="_blank">warning</a>. It is the latest security headache for eBay, which has faced an onslaught of complaints from some users who say fraud on the site has increased to unacceptable levels over the past few months.</p> <p>eBay officials are aware of the Trojan and are working with Symantec to prevent it from affecting buyers and sellers, a spokeswoman said.</p>Trojan.Bayrob implements a proxy server so that traffic intended for eBay is instead sent to one of several sites controlled by the attacker. Traffic is redirected by changing the hosts-file entries for at least six eBay URLs on the victim's machine. Once connected to the rogue servers, Bayrob is programmed to download configuration data, including a variety of PHP scripts. <p>At least one of the scripts, Var.php, downloads variables such as tokenized versions of eBay pages designed to dupe a victim into thinking they are legitimate. 
One such <a href="http://www.symantec.com/enterprise/security_response/weblog/upload/2007/03/ebaymotors1-lg.html" target="_blank">page</a> spoofs eBay's "Ask a question" section, which allows prospective buyers to - wait for it - ask sellers questions.</p> <p>The tokenized variables let the attacker dynamically replace key strings such as the seller's name with ones doctored by the attacker, lending power and authenticity to the scheme. There are also feedback pages, for example, with high ratings, which are designed to give the victims confidence in the attacker and complete an auction.</p> <p>This man-in-the-middle approach is unusual for eBay attacks, which usually involve phishing traps or keyloggers. But getting code to execute properly in man-in-the-middle attacks is difficult, and Symantec said the rogue servers did not appear to be returning variables needed to actually generate the spoofed pages.</p> <p>eBay security has suffered several black eyes dating back to at least December, when longtime users say the number of fraudulent auctions being offered by users with high ratings began to grow. A hacker who goes by the name Vladuz has also embarrassed eBay security officials by gaining unauthorized access to servers on at least two occasions. The breaches allowed him to mock the company even as he posed as one of its employees.</p> <p>eBay representatives have said Vladuz was able to penetrate only a limited section of eBay's system that is not able to access customer records and other sensitive information. They have also said most hijacked accounts are the result of users falling for phishing emails. 
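The hosts-file rewrite described above leaves a durable trace that is easy to audit. As an added example (not part of the Register article or Symantec's write-up), the check below parses a hosts file and flags any watched domain pinned to an address other than loopback or the null route; the sample file, the 203.0.113.x / 2001:db8:: addresses and the watched-domain list are constructed, since the six eBay URLs Bayrob actually modified are not listed here.

```python
"""Check a hosts file for entries that pin watched domains to foreign addresses.

Added example: a Trojan that rewrites the hosts file (as described above)
leaves a durable, easily audited trace. This scans that file offline.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that only block a name; they cannot send traffic to a rogue server.
BLOCK_ONLY = {"127.0.0.1", "0.0.0.0", "::1", "::"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, address) pairs from hosts-file text.

    Handles '#' comments, blank lines and several hostnames on one line.
    Lines whose first field is not a valid IPv4/IPv6 literal are skipped.
    """
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # normalises IPv6 form
        except ValueError:
            continue  # not a mapping line
        for name in fields[1:]:
            pairs.append((name.lower().rstrip("."), addr))
    return pairs


def in_domain(name: str, domain: str) -> bool:
    """True for the domain itself or any subdomain (not for look-alikes)."""
    return name == domain or name.endswith("." + domain)


def find_redirects(text: str, watched: List[str]) -> Dict[str, str]:
    """Map each watched hostname pinned to a non-blocking address to that address.

    A normal hosts file never pins a public brand domain at all, so every
    hit is worth an alert. Loopback / null-route pins are skipped because they
    block the name rather than redirect it to an attacker-controlled server.
    """
    hits: Dict[str, str] = {}
    for name, addr in parse_hosts(text):
        if addr in BLOCK_ONLY:
            continue
        if any(in_domain(name, d) for d in watched):
            hits[name] = addr
    return hits


# Constructed sample hosts file. 203.0.113.0/24, 198.51.100.0/24 and
# 2001:db8::/32 are documentation ranges (RFC 5737 / RFC 3849), not real
# attacker hosts, and the eBay hostnames are illustrative only.
SAMPLE_HOSTS = """\
# hosts file with a few injected lines
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net                  # ad-blocking entry
203.0.113.10    www.ebay.com signin.ebay.com     # injected
203.0.113.10    cgi.ebay.com                     # injected
2001:db8::10    motors.ebay.com                  # injected, IPv6
127.0.0.1       pages.ebay.com                   # blocks, does not redirect
198.51.100.7    ebay.com.example.org             # look-alike, not a match
this is not a hosts line
"""

WATCHED = ["ebay.com", "paypal.com"]

if __name__ == "__main__":
    for name, addr in sorted(find_redirects(SAMPLE_HOSTS, WATCHED).items()):
        print(f"ALERT: {name} is pinned to {addr}")
```

On a real system the same function can be pointed at the platform hosts file (for example /etc/hosts) and its output compared against a known-good baseline.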
®</p> </div>

<h2>Blogger.com 'riddled' with malware (2007-04-04)</h2><div id="Body"><p>Blogger.com, home of the weblog publishing system owned by Google, has been infiltrated by a number of phishing sites, security watchers report.</p> <p>In some cases, the Stration mass mailer is being used to drive traffic to these fraudulent sites. One such scam is a "storefront" for Pharmacy Express, which redirects from a Blogspot.com (now Blogger.com) link. The site is designed to harvest the personal information of prospective marks.</p>Beyond the problem of spam and phishing sites, a number of Blogger.com sites have been compromised with malicious code. For example, a blog site seemingly created by a Honda CR450 enthusiast is hosting the Wonka Trojan. <p>Hundreds of other blogging sites (covering subjects ranging from <cite>Star Wars</cite>, school, furniture, Christmas, cars, and girlfriends) are also infected, according to net security appliance firm Fortinet, which has published an <a href="http://www.fortiguardcenter.com/advisory/FGA-2007-04.html" target="_blank">advisory</a> highlighting its concerns. ®</p> </div>

<h2>Grum worm poses as IE7 beta (2007-04-04)</h2><div id="Body"><p>Hackers are trying to trick prospective marks into loading malware that poses as a "beta" version of Internet Explorer 7.</p> <p>Widely circulated emails, which pose as messages from admin@microsoft.com and feature subject lines such as "Internet Explorer 7 Downloads", display an image which invites gullible users to download beta 2 of Internet Explorer 7. 
Users who click on the authentic-looking image download a file called ie7.0.exe infected by the <a href="http://www.sophos.com/security/analyses/w32gruma.html" target="_blank">Grum-A worm</a>.</p>Besides the fact that downloading software advertised in unsolicited emails is a bad idea, surfers might also want to note that the full version of IE7 was released in October 2006 (the beta 2 version was released in April 2006). Users should go direct to the original developer's site, or some other trusted outlet, when searching for software updates, but many have yet to learn this lesson, a failing hackers are all too willing to exploit. <p>Punting malware that poses as software downloads from Microsoft is an all too common trick. The Gibe-F (AKA Swen) worm of 2003, for example, posed as a critical security update from the software giant, fooling many in the process. Two years ago hackers directed surfers to a bogus website masquerading as Microsoft's update site. ®</p> </div>

<h2>Vista keygen hoax exposed (2007-04-04)</h2><div id="Body"><p>Doubts have arisen about the effectiveness of a Windows key generator package that allegedly offered a means to circumvent Microsoft's anti-piracy protection.</p> <p>Activation codes for Vista were said to have been obtained by brute force using key generator software that randomly tries a variety of 25-digit codes until it finds one that works.</p> <p><a href="http://keznews.com/2431_Vista_Brute_Force_Keygen" target="_blank">Initial reports</a> on Keznews suggested that the unsophisticated attack worked. Over the weekend, however, the author of the package stepped forward to say these people must be either mistaken or telling porkies because the program is ineffective.</p> <p>"The brute force keygen is a joke. I never intended for it to work. I have never gotten it to work. 
Everyone should stop using it," the anonymous coder said on a <a href="http://keznews.com/forum/viewtopic.php?t=2782" target="_blank">post</a> to the Keznews forum.</p> <p>Rather than go through the tedious business of running something like the key generation, we heard from <em>Register</em> readers that some people on either side of the Atlantic have surreptitiously used the activation codes printed on boxed copies of Vista or stickers on new PCs to get their system up and running with illicitly downloaded copies of Vista.</p> <p>One reader cast doubt on this approach saying that Vista keys are normally inside copies of boxed software so users would have to undo shrink wrapped packaging. That still leaves the possibility of copying codes from stickers on PCs with Vista preloaded, however.</p> <p>And although the Windows key generator may be a hoax, Hexus reports a more workable approach to cracking Vista.</p> <p>The latest attack exploits Vista's System Locked Pre-installation 2 (SLP2) mechanism, technology which allows Microsoft's favoured hardware partners to avoid users having to activate their Vista installs. SLP2 combines an OEM specific certificate along with markers in the machine's BIOS and an appropriate product key.</p> <p>The hack involves creating a BIOS emulator that serves up the correct BIOS data when needed. Used in combination with the appropriate OEM certificate and product key this defeats the activation mechanism. Information on the OEM certificates and other information needed for the hack to work are available. Withdrawing the affected keys in order to defeat the hack would likely upset Microsoft's OEMs.</p> <p>Although Microsoft might still be able to defeat it, the hack might be effective in the short-term, and emulator writers might update their technology too, creating a serious headache for Microsoft, Hexus <a href="http://www.hexus.net/content/item.php?item=7999" target="_blank">reports</a>. 
®</p> </div>

<h2>Windows Trojan masquerades as Vista hack (2007-04-04)</h2><div id="Body"><p>A week after Windows Vista's official launch, hackers have devised their first attack, targeting pirates trying to install illegal copies of Microsoft's operating system.</p> <p>A supposed Windows Vista crack called Windows Vista All Versions Activation 21.11.06 is <a href="http://apcmag.com/node/4737" target="_blank">reportedly</a> doing the rounds, offering those tempted by the chance of sticking it to Microsoft the ability to install illegal versions of Windows Vista.</p>However, the software is not a Windows Vista crack and pirates get something they didn't expect - installation of a Trojan called PSW.Win32.LdPinch.aze - something with a <a href="http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-PSW.Win32.LdPinch.aze&threatid=90833" target="_blank">"high"</a> threat level. <p>Apparently, most anti-virus scanners can recognise the Trojan, but NOD32 and the latest software from Norton won't.</p> <p>The installer follows in the footsteps of a Windows XP hack circulated by the devils0wn group in 2001, which allowed users to bypass product activation of Windows XP.</p> <p>Windows Vista is currently available for download only to customers on Microsoft's volume licensing deals and won't become generally available until January. The Trojan would therefore likely hit certain business users and those working in businesses passing on copies to friends, family, or colleagues.</p> <p>Worryingly for business users in general, though, is the fact that the Windows Vista <a href="http://it.slashdot.org/article.pl?sid=06/12/03/1453244" target="_blank">DVD</a> has been designed to make it easy for third parties' software to be inserted with the operating system for mass distribution. 
That potentially lets hackers insert their code just as easily as Microsoft partners. ®</p> </div>

<h2>U.K. Approves Extradition Order for Hacker (2007-02-22)</h2><p class="storybody">The U.K. approved an extradition request this week to send a computer hacker to the United States, where he'll be tried for allegedly crippling military networks shortly after the terrorist attacks in September 2001. </p><p class="storybody">Gary McKinnon, 40, of London, has freely discussed his hacking exploits that led to the seizure of his equipment in March 2002. McKinnon, who admitted probing networks but claims he did no damage, fought extradition on the grounds he could be classified as an enemy combatant and held under similar conditions as other terrorist suspects held by the United States. </p><p class="storybody">McKinnon has two weeks to appeal. If extradited, he will face trial in the U.S. District Court for the Eastern District of Virginia. </p><p class="storybody">The U.S. alleges that McKinnon gained access to 97 government computers between February 2001 and March 2002, copying files and deleting data. The systems included those used to replenish munitions and supplies for the U.S. Navy's Atlantic fleet and the NASA space agency. </p><p class="storybody">In one incident, McKinnon allegedly deleted system files and logs that shut down 300 computers at a U.S. Navy base "at a critical time" immediately after the Sept. 11 attacks, according to court documents. His alleged exploits are estimated to have caused more than US$700,000 in damage in total. </p><p class="storybody">McKinnon, who went by the nickname "Solo," used a program called "RemotelyAnywhere" to control computers and access files. The former systems administrator said the networks he accessed often had low security, with easy-to-guess administrator passwords. 
</p><p class="storybody">McKinnon said he continued to hack even after his probes had been noticed. On one occasion he miscalculated the time zones between the U.S. and the U.K., accessing a computer while someone was using it. The connection was immediately cut by the user, McKinnon said.</p>

<h2>Network Technician Wins Vista 'Rocketplane' Ride (2007-02-22)</h2><p class="storybody">Space could indeed become the final frontier for a 29-year-old network technician who was chosen as the winner of a Windows Vista promotional contest -- as long as the taxman doesn't put a crimp in his flight plans. </p><p class="storybody">William Temple, who works at medical insurer HealthNet in California, was announced today as the winner of the US$250,000 grand prize from Microsoft's "Vanishing Point" promotion, qualifying him for a 2009 flight that would blast him 62 miles into the air -- to the edge of outer space. In a random drawing, Temple's name was selected from among those of the 87,000 registered players of Vanishing Point, an interactive puzzle game sponsored by Microsoft and Advanced Micro Devices. </p><p class="storybody">The monthlong game involved arcane puzzles and cryptic clues that were handed out to would-be puzzle solvers via Las Vegas light shows during the Consumer Electronics Show, skywriting above four cities, coded images projected onto monuments and a fireworks finale above Seattle. </p><p class="storybody">Temple was chosen as the winner last Tuesday despite freely admitting that he had accumulated only 370 points out of the 1,500 maximum and that after solving the first puzzle on his own, he benefited from solutions posted on the Internet by other game players. According to Microsoft, any player could win, but a higher number of points increased someone's chance of winning. 
</p><p class="storybody">"We had some people who solved every single puzzle," said Aaron Coldiron, a Vista manager at Microsoft. "But we feel good about Will winning. He's right in the target demographic." </p><p class="storybody">That demographic, according to Microsoft, was men who are between the ages of 18 and 35 and are interested in technology. Reaching that group via conventional advertising is increasingly difficult and expensive. Coldiron said the total cost of staging the Vanishing Point game was "less than a single Super Bowl commercial." The going rate to air a 30-second spot during this year's game was as much as US$2.6 million, which doesn't include the costs of producing the commercial. </p><p class="storybody">Not that Microsoft isn't investing elsewhere: it's expected to spend US$500 million to market Vista this year, according to published reports. </p><p class="storybody">Some US$50,000 of that money will go to help Temple pay taxes on his flight, which is valued at US$196,500. The tax payment could be crucial: In 2005, the winner of an Oracle contest that would have given him a free space flight ultimately declined the trip because he would have had to report the ride, valued at US$138,000, as income and pay US$25,000 in taxes as a result. </p><p class="storybody">Coldiron said Microsoft is working with Temple to "understand his tax situation" and will offer additional money if his tax bill from the trip turns out to be even higher than the budgeted US$50,000.<br /></p><p class="storybody"> If the tax situation works out, Temple would get to experience what Microsoft's marketing mavens are calling "the ultimate vista" -- a flight on the Rocketplane XP, which is built around a heavily modified Learjet body. 
The 62-mile altitude that the flight would reach compares with the 220 miles above Earth that NASA's space shuttles fly to reach the International Space Station, said John Herrington, a retired astronaut who will serve as the pilot of the Rocketplane. </p><p class="storybody">Because the Rocketplane won't go as high as the shuttle, it will experience temperatures of only 700 degrees Fahrenheit as it descends back to Earth, Herrington said. That compares with 3,000 degrees for the space shuttle, he added. </p><p class="storybody">Plans call for the hour-long ride to start in Burns Flat, Oklahoma, a town of 1,782 people located 100 miles west of Oklahoma City that houses the Oklahoma Spaceport, a former Air Force base that is expected to start launching test space flights next year. </p><p class="storybody">The operator of the flight, Rocketplane's Rocketplane Kistler unit, plans to run 25 to 50 test flights during 2008, according to Herrington, who is the Oklahoma City-based company's director of flight operations. Rocketplane Kistler is one of two companies that was chosen by NASA last year to provide outsourced flights to the International Space Station for bringing up crew members and replenishing supplies. </p><p class="storybody">The other company, California-based Space Exploration Technologies -- or SpaceX, for short -- has received more publicity than Rocketplane Kistler has thus far. SpaceX, which was founded by PayPal Inc. co-founder Elon Musk, is using a more traditional rocket design. It had a failed launch last March but is planning a second one next month, when it will attempt to transport the cremated remains of more than 100 people, including astronaut Gordon Cooper and Star Trek actor James "Scotty" Doohan. </p><p class="storybody">A third company, Virginia-based Space Adventures, has already sent four private citizens, including Ubuntu Linux developer Mark Shuttleworth, into space using Soyuz spacecraft from the former Soviet Union. 
Charles Simonyi, a former chief software architect at Microsoft, is training for a flight with Space Adventures this March.</p>

<h2>Robotic crawler performs check-up of power lines (2007-02-22)</h2><p class="storybody">U.S. researchers have developed an autonomous robotic crawler that scans power lines for weak points in an electrical grid. By monitoring and precisely locating problematic sections of cable, the robot is expected to improve the efficiency and reduce the costs involved in power line maintenance. </p><p class="storybody">The maintenance of power lines has traditionally been an expensive process based on estimates. With no means of accurately measuring the wear of cables, power companies tend to either discard entire lengths of cable after a predetermined amount of time, or allow the cable to age until it fails. </p><p class="storybody">"Removing an entire length of cable can be very expensive and costly, so removing an entire length of fully functioning cable after a set time period can be unnecessary," said Luke Kearney, undergraduate researcher and project coordinator at the University of Washington (UW). "[On the other hand,] allowing the cable to fail can cause widespread blackouts and can also be very expensive for the power companies to deal with." </p><p class="storybody">UW's robot scans cables for internal damage by using sensors to track heat dissipation, partial electrical discharge, and any filaments of water that could have seeped into the insulation. Engineers can monitor the robot via wireless connection and watch the robot's surroundings through a front-mounted video camera. </p><p class="storybody">Besides autonomously locating damaged sections of cable, the robot can also scan cable in areas which may be dangerous or difficult for humans to access. 
"In future years, it is our hope that the robot can be used in nuclear power plants to gather data in areas that may be dangerous to people," Kearney said. </p><p class="storybody">The robot has only recently undergone its first field test at Lockheed Martin's Michoud NASA Assembly Facility in New Orleans, U.S., returning with the surprising finding that conditions in New Orleans are still unsafe even now, more than a year after the disastrous Hurricane Katrina struck. </p><p class="storybody">Future prototypes can be designed to fit different cable configurations, including those used outside of the U.S., Kearney said. </p><p class="storybody">More information is available from the project's <a href="http://www.ee.washington.edu/research/seal/projects/seal_robot/index.html" target="_blank">Web site</a>.</p>

<h2>IE Bug Lets Hackers Phish With Google Desktop (2007-02-22)</h2><p>A bug in Microsoft's Internet Explorer browser gives phishers a way to scan the hard drives of Google Desktop users, according to an Israeli hacker. Because of a flaw in the way IE processes Web pages, a malicious Web site could use the attack to steal sensitive information like credit card numbers or passwords from the hard drives of its visitors. </p> <p>"<a href="http://www.pcworld.com/reviews/article/0,aid,122374,00.asp">Google Desktop</a> users who use IE are currently completely exposed," wrote hacker Matan Gillon in an e-mail interview. "An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the Web interface itself, it's also possible to access them using this attack." 
</p> <h2 class="artSubtitle">The Details</h2> <p>Gillon has posted an extensive description of how such an attack would work, along with a proof of concept exploit, <a href="http://www.hacker.co.il/security/ie/css_import.html" target="_blank">on his blog</a>.</p> <p>The IE bug concerns the way Microsoft's browser processes Web page layout information using the CSS (Cascading Style Sheets) format. The CSS format is widely used to give Web sites a consistent look and feel, but attackers can take advantage of the way that IE processes CSS to get Google Desktop to reveal sensitive information. </p> <p>Hackers would first need to trick users into visiting a malicious Web site for the attack to be successful, Gillon says. The attack works with IE 6 and Google Desktop version 2, and may also work on other versions of Microsoft's browser, but not on non-Microsoft browsers like Firefox or Opera, he adds. </p> <h2 class="artSubtitle">Turn Off JavaScript</h2> <p>Users can nullify the attack by turning off JavaScript in their browsers, Gillon says. This can be done by disabling "Active scripting" in IE's Internet Options menu. <a href="http://www.pcworld.com/news/article/0,aid,123764,00.asp">JavaScript</a> is a popular scripting language used by Web developers to make their sites more dynamic. </p> <p>Users need to be particularly wary of the Web sites they visit these days, because of another unpatched IE vulnerability that could be used to take over a user's PC. Hackers posted sample code that exploited this problem over a week ago, and Microsoft said that hackers are already using the code in attacks. As with the new CSS problem, users must first be tricked into visiting a malicious Web site for this IE bug to be exploited. </p> <p>Some security experts believe that Microsoft is in the process of rushing out a patch to fix this problem before these attacks become more widespread. 
These attacks can also be avoided by disabling JavaScript in IE, or by using an alternative browser. </p> <p>Microsoft executives were unavailable to comment on the CSS bug, but a spokeswoman for the company's public relations agency said the issue is being investigated. Microsoft is not aware of any attacks resulting from the hole, she said. </p>

<h2>The Hacker's Diet: Computer Tools (2007-02-22)</h2><p> <a href="http://www.fourmilab.ch/hackdiet/" target="_top"><cite>The Hacker's Diet</cite></a> is accompanied by computer tools which permit logging the progress of a diet and subsequent weight management, producing progress reports, analyses, and charts. Computer tools are available both as <a href="http://www.fourmilab.ch/hackdiet/comptoolsExcel.html">spreadsheets and macros for Microsoft Excel</a> and as an <a href="http://www.fourmilab.ch/hackdiet/palm/">application for the handheld Palm Computing Platform</a>. </p> <p> You don't need a computer to use <cite>The Hacker's Diet</cite>; easy-to-work paper and pencil methods are presented in the book. But if you have a computer with Excel or a PalmPilot, the companion tools may save you time and provide more insight into the engineering underpinning of the methods described in the book, while producing an illustrated log of your progress. 
</p> <h2><a href="http://www.fourmilab.ch/hackdiet/comptoolsExcel.html">Microsoft Excel Tools</a></h2> <p> <a href="http://www.fourmilab.ch/hackdiet/comptoolsExcel.html"><img src="http://www.fourmilab.ch/hackdiet/www/figures/hdxl.gif" alt="" align="right" border="0" height="306" hspace="10" width="400" /></a> A variety of Microsoft Excel spreadsheets (or "workbooks" in recent Microsoft-speak) are available which permit hands-on experimentation with the techniques presented in the book, forecasting diet plans, meal planning with automatic calorie counting, and a system for logging the progress of a diet and subsequent weight management which produces progress reports and charts. </p> <p> In addition to the weight logging and analysis and meal planning packages, the feedback and trend fitting laboratories described in the book are included, as well as databases supporting the text. </p> <p> Please visit the <a href="http://www.fourmilab.ch/hackdiet/comptoolsExcel.html">Excel Tools</a> page to download a version compatible with the release of Excel you're using. <br /> </p> <h2><a href="http://www.fourmilab.ch/hackdiet/palm/">Palm Computing Tools</a></h2> <p> <a href="http://www.fourmilab.ch/hackdiet/palm/"><img src="http://www.fourmilab.ch/hackdiet/palm/figures/title4.gif" alt="" align="right" border="0" height="111" hspace="10" width="73" /></a> A handheld computer that's never far from your side is an excellent tool for logging your daily weight and providing real-time snapshots of the progress of your diet and long term weight management. An implementation of the <cite>Eat Watch</cite>, the central component of <cite>The Hacker's Diet</cite>, for the Palm Computing Platform (PalmPilot, Palm, etc.) puts this tool where it belongs--right in the palm of your hand. 
There's no more need for paper logs, spreadsheets, macros, or any Microsoft products whatsoever--just write your daily weight into your Palm and you can view weight logs, charts, trend analysis, and calorie balance right on your handheld computer. </p> Every time you HotSync, your weight log is backed up to your desktop machine, and a companion program (which runs on any computer with a vaguely standard C compiler) permits you to export your logs as illustrated HTML documents viewable with any Web browser and CSV files which can be imported into other applications.

<h2>Google Now a Hacker's Tool (2007-02-22)</h2><p class="storybody">Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google's massive database as a resource for intrusion. </p><p class="storybody">"Electric Bong" was one of a number of household devices that security researcher Johnny Long came across when he found an unprotected Web interface to someone's household electrical network. To the right of each item were two control buttons, one labelled "on," the other, "off." </p><p class="storybody">Long, a researcher with Computer Sciences and author of the book, "Google Hacking for Penetration Testers," was able to find the Electric Bong simply because Google contains a lot of information that wasn't intended to lie exposed on the Web. The problem, he said at the Black Hat USA conference in Las Vegas last week, lies not with Google itself but with the fact that users often do not realise what Google's powerful search engine has been able to dig up. 
</p><p class="storybody">In addition to power systems, Long and other researchers were able to find unsecured Web interfaces that gave them control over a wide variety of devices, including printer networks, PBX (private branch exchange) enterprise phone systems, routers, Web cameras, and of course Web sites themselves. All can be uncovered using Google, Long said. </p><p class="storybody">But the effectiveness of Google as a hacking tool does not end there. It can also be used as a kind of proxy service for hackers, Long said. </p><p class="storybody">Although security software can identify when an attacker is performing reconnaissance work on a company's network, attackers can find network topology information on Google instead of snooping for it on the network they're studying, he said. This makes it harder for the network's administrators to block the attacker. "The target does not see us crawling their sites and getting information," he said. </p><p class="storybody">Often, this kind of information comes in the form of apparently nonsensical information -- something that Long calls "Google Turds." For example, because there is no such thing as a Web site with the URL (Uniform Resource Locator) "nasa," a Google search for the query "site:nasa" should turn up zero results. Instead, it turns up what appears to be a list of servers, offering an insight into the structure of NASA's (the U.S. National Aeronautics and Space Administration's) internal network, Long said. </p><p class="storybody">Combining well-structured Google queries with text processing tools can yield things like SQL (Structured Query Language) passwords and even SQL error information. This could then be used to structure what is known as a SQL injection attack, which can be used to run unauthorized commands on a SQL database. "This is where it becomes Google hacking," he said. "You can do a SQL injection, or you can do a Google query and find the same thing." 
</p><p class="storybody">Although Google traditionally has not concerned itself with the security implications of its massive data store, the fact that it has been an unwitting participant in some worm attacks has the search engine now rejecting some queries for security reasons, Long said. "Recently, they've stepped into the game."</p>

<h2>A Hacker's Tools of The Trade (2007-02-22)</h2>Here's a rundown of some of the most interesting and popular techniques that hackers use to break into or damage web sites and computers.<br /><a name="ddos"></a><h2 class="artSubtitle">Denial of Service Attacks</h2><p> Denial of service attacks are designed to lock out legitimate users from web sites or networks. Hackers run programs that repeatedly request information from the victim's computer until that computer is unable to answer any other requests. Hackers can run programs or automated scripts that barrage the victim computer or network so that it becomes unusable by legitimate users, or even has to be shut down. </p><p> Distributed denial of service attacks (DDoS) are automated attacks that run simultaneously from multiple computers. Hackers can plant Trojan horse programs on the computers of unsuspecting accomplices throughout the network or internet. At a given hour, all involved computers coordinate requests for information from the overloaded victim computer. 
Due to the numbers involved, such an attack can be very difficult to stop.</p><p> [In <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html#ddosattacks">February 2000</a>, a number of high-profile web sites including Yahoo, Amazon.com, and eBay were hit with a series of distributed denial of service attacks which rendered the sites useless for a short time over the course of two days.] </p><a name="spoofing"></a><p><b>DNS Spoofing</b></p><p> When you point your browser to randomsite.com, your computer will look up that entry in a massive directory called the Domain Name Service (DNS) database, and then send you to the appropriate site. </p><p> However, computers don't understand names; they understand numbers. The DNS database matches every name to a numerical address. Servers throughout the internet maintain a constantly updating database of these DNS entries. A DNS spoof occurs when a hacker alters a DNS entry on a server to redirect the browser to an alternate site. If a consumer wanting to visit randomsite.com gets sent instead to evilcompany.com, then business can be stolen. A hacker can also create a fake site that pretends to be randomsite.com. In this way evilcompany.com might steal passwords, personal data or even credit cards from the consumer. Such hacks are not yet very common.</p><a name="sniffer"></a><p><b>Packet Sniffers</b></p><p> Like many hacker tools, packet sniffers were initially designed as a tool for system administrators to help debug networking problems. 
Essentially, they are devices which allow the user to intercept and interpret "packets" of information traversing a network. Any information shared among a network of computers--username/password pairs, email, files being transferred--gets translated into "packets," which are sent out across the network.</p><p> Most of the internet uses the Ethernet transmission protocol. When you send a packet out on the Ethernet, every machine on the network sees the packet. Every piece of data you send over the internet contains an Ethernet header, a sort of numerical address, to make sure that the right machine gets the right information. Each machine is supposed to pay attention only to packets with its own Ethernet address in the destination field. However, an Ethernet packet sniffer is software which allows a hacker, or network administrator, to "eavesdrop" by recording information on packets not addressed to his or her computer.</p><a name="socialengineering"></a><p><b>Social Engineering</b></p><p> Social engineering is a hacker term for deceiving or manipulating unwitting people into giving out information about a network or how to access it. A hacker may pose as an employee who forgot his or her password, or a software vendor asking for information about a network in order to determine what the company's software needs are. 
In testimony before Congress, <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/testimony.html">ex-hacker Kevin Mitnick</a> discussed some of his most successful social engineering exploits.</p><a name="trojan"></a><p><b>Trojan Horse Programs</b></p><p> Trojan horse programs are "back doors" into a computer system. A hacker may disguise a trojan as another program, video, or game, in order to trick a user into installing it on their system. Once a trojan is installed, a hacker could have access to all the files on a hard drive, a system's email, or even the ability to create messages that pop up on the screen. Trojans are often used to enable even more serious attacks. By hiding programs to be run later, hackers might gain access to other networks, or run <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/tools.html#ddos">DDoS attacks</a>. The simplest Trojan horse replaces the messages shown when a login is requested. Users think they are logging into the system, so they provide their usernames and passwords to a program that records the information for use by the hacker. 
The most famous Trojan horse to date is probably Back Orifice, which was developed by the hacker group known as <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/reidcount.html">Cult of the Dead Cow</a>. Once installed, this program gives the user access and control over any computer running a Windows 95/98 operating system or later.</p><a name="defacements"></a><p><b>Web Page Defacements</b></p><p> Web pages are simply computer files stored in directories on a server computer. If a hacker gains access to these files, he or she can replace or alter them in any way. The Republican National Committee, the CIA, and <u>The New York Times</u> are just three of the highly publicized web page defacements over the past few years.</p><a name="worms"></a><p><b>Viruses and Worms</b></p><p> Worms and viruses are surreptitiously "self-replicating" programs that can spread exponentially throughout a network. Such programs are not by definition harmful: the first worm released on the internet, the <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html#morrisworm">Morris Worm</a>, was not meant to do harm; it was merely an experiment by a Cornell University graduate student. 
However, it replicated itself so efficiently and took up so much memory and computing resources on the internet that many computers crashed, and system administrators across the country were forced to take their machines off the internet.</p><p> Modern-day <a href="http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/psycho.html">virus writers</a> often have malicious intent, however, and they use viruses and worms to spread destructive programs among unwitting hosts. A virus spreads by infecting another object on the computer system--a program file, a document, or the boot sector of a floppy disk. A worm can copy itself from computer to computer on a network without needing a file or other object. The most famous worm was the ILOVEYOU bug, which infected an estimated 45 million computers. It propagated itself by exploiting a weakness in the Microsoft Outlook email software, and emailing itself to every address stored in the Outlook address book on an infected computer.</p><p><b>Base Technologies: One Hacker's Tools</b> (posted 2007-02-22)</p><span id="intelliTXT">Jeanson James Ancheta—a.k.a. 
Resili3nt—used readily available software and hardware to create a botnet-for-profit of at least 400,000 infected computers that netted him at least $60,000.<br /><table border="0" cellpadding="4" cellspacing="1" width="100%"><tbody><tr bgcolor="#f7f7e9"><td class="bodycopymedium" valign="top"><b>APPLICATION</b></td><td class="bodycopymedium" valign="top"><b>PRODUCT</b></td><td class="bodycopymedium" valign="top"><b>SUPPLIER</b></td></tr><tr bgcolor="#e0e0e0"><td class="bodycopymedium" valign="top">Bot code</td><td class="bodycopymedium" valign="top">Modified versions of bot code from Rxbot, Lca3.exe, Winun.exe, Wininst.exe</td><td class="bodycopymedium" valign="top">Various Web sites that provide free downloads, plus Ancheta's own coding and reverse-engineering of other malicious code</td></tr><tr bgcolor="#f7f7e9"><td class="bodycopymedium" valign="top">Online communications</td><td class="bodycopymedium" valign="top">Internet Relay Chat channels</td><td class="bodycopymedium" valign="top">IRC.org</td></tr><tr bgcolor="#e0e0e0"><td class="bodycopymedium" valign="top">Hardware</td><td class="bodycopymedium" valign="top">Laptops</td><td class="bodycopymedium" valign="top">IBM, Toshiba, eMachines</td></tr><tr bgcolor="#f7f7e9"><td class="bodycopymedium" valign="top">Web servers</td><td class="bodycopymedium" valign="top">Rented server space</td><td class="bodycopymedium" valign="top">Sago Networks, FDC Servers, EasyDedicated</td></tr><tr bgcolor="#e0e0e0"><td class="bodycopymedium" valign="top">Internet access</td><td class="bodycopymedium" valign="top">Cable broadband connections</td><td class="bodycopymedium" valign="top">SBC, Adelphia</td></tr><tr bgcolor="#f7f7e9"><td class="bodycopymedium" valign="top">Payment mechanisms</td><td class="bodycopymedium" valign="top">Online payment service; online bank account</td><td class="bodycopymedium" valign="top">PayPal; Wells Fargo</td></tr></tbody></table> <i>SOURCE: Indictment filed in U.S. District Court in Los Angeles</i></span><p><b>Guide to Next Generation Networks</b> (posted 2007-02-20)</p><p> Next Generation Networking is a term that is being increasingly used to describe the latest state-of-the-art networking platforms, which service providers are either developing or are using today. </p> <p>Next Generation networks enable businesses to run a full range of IP-based voice, video and data applications over a single network. With the technologies used, current communication needs can be met whilst ensuring new applications and services can be deployed quickly and efficiently to support future requirements. </p> <p>This guide provides an overview of what Next Generation Networks (NGNs) are and how they compare to the legacy networks still in use by many organisations.</p><p><b>150 Ways to Let Hackers In</b> (posted 2007-02-20)</p><p>To paraphrase Paul Simon, there are 150 ways to leave your software open to attack, according to Fortify Software, the Palo Alto-based security software specialist.</p> <p>In the latest update to its Fortify Security Coding Rulepack, the company says it has added a further 34 "vulnerability categories", bringing the grand total to 150.</p><p>Fortify's philosophy is that the best place to deal with security threats is in source code when software is being built. Well-designed code can prevent a wide range of attacks, and Fortify's Source Code Analysis tool helps improve code design and keep out the malcontents.</p> <p>"Security threats are a constant challenge to programmers - but their priorities are to meet deadlines and deliver new features. 
We can help by giving them good tools to help make software less vulnerable," says Jacob West, manager of the security research group at Fortify.</p> <p>According to Fortify, the two most prevalent forms of attack are cross-site scripting, where rogue code pretends to be from a trusted site, and SQL injection, where executable SQL commands are put into data streams.</p> <p>West says cross-site scripting can be prevented by using data flow analysis. "You can identify data as it comes in and check that it is what it says it is. A billing address, for example, should only contain letters and numbers. If it contains special characters then it may well be suspect."</p> <p>Similarly, SQL injection may be avoided by ensuring that SQL data streams do not contain executable instructions. "SQL injection introduces extra commands into an SQL stream which can circumvent access control and enable data to be changed. If you can control the SQL command input you can do almost anything. But you can prevent it by input validation and restricting what you allow in commands."</p><p><b>Broadband Routers Welcome Drive-by Hackers</b> (posted 2007-02-20)</p><p>Still using the default password that came with that nice broadband router you installed at home? Time to get off your butt and change it: visiting the wrong website is enough to have key settings changed on the most popular models.</p> <p>Symantec <a href="http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html" target="_blank">warns</a> attackers can employ a simple piece of JavaScript to modify a router's domain name server settings. Once the router is rebooted, a rogue DNS will send the victim to spoofed websites with malicious intent.</p><p>That could unleash all kinds of new phishing expeditions, Symantec says. 
For example, the new DNS could route a request for bankofamerica.com or Microsoft's update site to fraudulent sites that steal login details or install back doors.</p> <p>A proof of concept works with popular models made by Linksys, D-Link and Netgear, but only if they use the default password. Hence, the attack can be thwarted by setting a new password that's not easy to guess.</p> <p>As with <a href="http://www.theregister.com/2007/02/15/firefox_vuln/">many</a> of the <a href="http://www.theregister.com/2007/02/13/browser_vulns/">recently discovered</a> browser-related vulnerabilities, attacks also require JavaScript to be enabled. Running a program such as the <a href="http://noscript.net/" target="_blank">NoScript</a> extension to Firefox is also a safeguard in these cases.</p><p><b>Hard Drive Contents Cough Up by IE and Firefox</b> (posted 2007-02-20)</p><p><strong class="Label">Updated</strong> The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives.</p> <p>The vulnerability resides in the functionality that allows the browsers to upload files to a remote server. It requires a victim to visit a booby-trapped website and enter text with certain characters in a comment interface or other input field.</p><p>Demonstration exploits, <a href="http://lcamtuf.coredump.cx/focusbug/ieversion.html" target="_blank">one</a> for IE and <a href="http://lcamtuf.coredump.cx/focusbug/ffversion.html" target="_blank">the other</a> for Firefox, show how typing a simple string into a message box reveals a Windows user's boot.ini file.</p> <p><a href="http://www.gnucitizen.org/" target="_blank">Petko D. 
Petkov</a>, a researcher who has investigated the vulnerability, says similar techniques could be used to reveal more sensitive files on Windows or Unix-based machines, for example C:\WINDOWS\system32\config\SAM in the former or /etc/passwd in the latter.</p> <p>The vulnerability in Firefox was tested with versions 2.0 and 1.5. It is a variant of a bug that was reported on Bugzilla as early as 2000, according to Michal Zalewski, who is credited with discovering the flaw in that browser.</p> <p>Petkov is believed to have first determined that IE 7 is also vulnerable.</p> <p>A Microsoft spokesman said the company is investigating the report. Initial findings by Microsoft's security team are consistent with the report, specifically that "an attacker could gain access to user files if the location of a given file is already known" and would then have to convince the victim to enter the location of that file in a Web page.</p>
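<p>Two of the posts above, the report on Johnny Long's Google-hacking talk and the Fortify piece, both turn on SQL injection and on Jacob West's two remedies, input validation and keeping executable SQL out of the data stream. The following is an added example, not code from any of the articles or companies quoted: a customer lookup built by string concatenation next to its parameterised form, plus West's "letters and numbers only" check for a billing address. It runs offline against an in-memory SQLite database; the table layout, the two customer rows and the allowed-character rule (letters, digits and spaces, an assumption) are constructed for the demonstration.</p>

```python
import re
import sqlite3

# Constructed sample rows; not taken from any of the articles.
SAMPLE_CUSTOMERS = [
    (1, "alice", "12 Elm Street"),
    (2, "bob", "7 Oak Avenue"),
]


def make_db():
    """Build an in-memory SQLite database with a small constructed customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, billing_address TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The defect Fortify describes: user input is spliced into the SQL command text,
    so a quote character in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT id, username FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    """The fix: the value travels as a bound parameter, separate from the command,
    so the data stream can never contain executable instructions."""
    return conn.execute(
        "SELECT id, username FROM customers WHERE username = ?", (username,)
    ).fetchall()


# West's example of boundary validation: a billing address should only contain
# letters and numbers. Spaces are allowed here as well (an assumption for this demo).
BILLING_ADDRESS_RE = re.compile(r"[A-Za-z0-9 ]{1,80}")


def is_valid_billing_address(value):
    """True only if the whole value is letters, digits and spaces, at most 80 characters."""
    return BILLING_ADDRESS_RE.fullmatch(value) is not None


def update_address(conn, user_id, address):
    """Defence in depth: validate at the boundary, then write with a bound parameter.
    Returns the stored address, or raises ValueError when validation rejects the input."""
    if not is_valid_billing_address(address):
        raise ValueError("billing address failed input validation")
    conn.execute(
        "UPDATE customers SET billing_address = ? WHERE id = ?", (address, user_id)
    )
    conn.commit()
    row = conn.execute(
        "SELECT billing_address FROM customers WHERE id = ?", (user_id,)
    ).fetchone()
    return row[0]


def demo():
    """Run the same crafted input through both lookups and both validators."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # the textbook tautology: WHERE ... = 'x' OR '1'='1'
    return {
        "honest_vulnerable": lookup_vulnerable(conn, "alice"),
        "injected_vulnerable": lookup_vulnerable(conn, crafted),    # every row leaks
        "injected_parameterised": lookup_parameterised(conn, crafted),  # no match
        "address_ok": is_valid_billing_address("12 Elm Street"),
        "address_rejected": is_valid_billing_address("12 Elm'; DROP TABLE customers;--"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

<p>The two lookups differ by one line, which is the point West makes about fixing this in source: with the concatenated query the crafted username returns every customer, with the bound parameter it returns nothing, and the regex check rejects the same payload before it ever reaches the database.</p>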