PGP Encryption for Mac OS X

Yeah. They finally made it. The software "PGP Whole Disk Encryption" is now available for Mac OS X (Tiger and Leopard) and features nice things like encrypting swap and pre-boot authentication. I got an email today from PGP (or rather, it was sent through mail.vresp.com) announcing this. No long words here, just read it yourself:
PGP Corporation Delivers PGP Whole Disk Encryption for Mac OS X! The wait is over! PGP Corporation has released PGP Whole Disk Encryption for Mac OS X. This much-anticipated application is part of a major release enhancing the award-winning PGP Encryption Platform, which includes general availability of PGP NetShare 9.9, PGP Universal Server 2.9, PGP Whole Disk Encryption 9.9, and the all-new PGP Whole Disk Encryption for Mac OS X. As we outlined in our June 2008 announcement, the latest release of PGP Whole Disk Encryption 9.9 adds pre-boot authentication to the proven PGP Corporation data encryption technology for Intel-based Macs. PGP Whole Disk Encryption is the only product available today for both Windows and Mac OS X that is also FIPS 140-2 validated for use by the U.S. government. To learn more about this application, visit www.pgp.com. Sincerely, PGP Corporation
iPhone: Breaking the lock in 2.0.2

Sigh! Another bug in the iPhone firmware has come to public attention. This time it's so simple that it's brilliant in its own way. The problem ONLY occurs in firmware 2.0.2, which I don't use yet due to the news about UMTS problems and so on... Anyway, the bug doesn't occur in versions < 2.0.2. So what do you do and what can happen?
It is simple: when the iPhone is locked with a password, you are still able to make an emergency call. Good so far, BUT if you press the Home button twice on that screen you are redirected to the favorites of the iPhone user. From there on you can break it step by step. When there is an email address in the favorites list, tap it and you are in the Mail app; check the emails, can you find one with a hyperlink? Yes? Tap it and you can surf... Ouch! That was simple, wasn't it?
For a video showing the unlocking, check out the post on [gizmodo.com].
Virus on the ISS laptops

Reading Golem.de and Heise.de/Security today made me laugh again. The headline was great: "Trojaner im Weltall" (English: "Trojan in outer space"). According to NASA the worm was brought to the ISS on a notebook that must have been infected while being used on earth. The worm is called W32.Gammima.AG and tries to grab passwords for online games and similar stuff. Nothing risky at all for the ISS, but it shows how ignorant people are concerning computer security. A NASA spokesman said that some computers used on the ISS don't even have a virus scanner. Sigh! People will never learn, I guess...
Original news by [Heise.de].
Virus description for W32.Gammima.AG by [Symantec].
Darklab.org: SILC in BETA testing

Just a short note from my side: the SILC (Secure Internet Live Conferencing) service on the Darklab.org box is running again. After some time setting it up following the instructions of FX, it is now time to use it again and stress-test it by chatting through it. Every visitor, every discussion, every bit of feedback is welcome. Just drop me a message on SILC or send an email!
Server: darklab.org
Channel: darklab
Protocol: SILC
Contribution to 25c3 sent

Just some minutes ago I submitted two lectures to the 25th Chaos Communication Congress this December in Berlin/Germany. This year I plan to do it completely differently than last year. The first talk I submitted is for the Hacking track; this time the audience will see more technical stuff and get less "bla bla" from me. 50% of the lecture is theory, which the listener needs for the other 50%, which will show a real attack on an unfixed piece of software (no, I won't tell you more here). The second lecture is in the Culture track and is more relaxed, with less technical stuff and more talking about experiences I had with something, giving everyone the chance to form their own opinion through my experiences (no, I won't tell you more here either).
As soon as the talks get accepted (or not) I will inform you about the details. Stay tuned!
Getting and Hacking the iPhone

THIS WILL BE A LONG POST!
Okay, I think it was just a matter of time until I couldn't stop myself from getting an iPhone to play around with. I am just too nerdy not to buy it, I guess. Last Saturday I finally went into the T-Com shop in Ulm and asked for an iPhone; the reaction was frustrating: "Sorry, all iPhones are sold out, you have to reserve one or try somewhere else." Okay, so I went to MediaMarkt and asked the same question there, same result, except that I got some more information: Apple planned to ship 35,000 iPhones to Germany, but until now only 5,000 have arrived. Ouch! No wonder there is no iPhone left. So back to T-Com. I said that I would like to reserve one, gave my name and a telephone number to reach me, and said I wanted a 16 Gigabyte one, the color being unimportant (even though I hoped for a white one). I asked the guy taking my reservation about the number of people in front of me; his answer was disappointing: "80 persons". I was really like: OMG, that will take weeks.
BUT... yesterday a call from a hidden number arrived on my mobile phone. I picked up, answered, and a miracle happened: it was the T-Com shop in Ulm telling me that they had one iPhone left, in white with 16 Gigabyte of disk space. Yeah! The same day I went over there and bought it. Damn, that was complicated: the whole process of taking my personal information, checking my ID, checking my bank account and so on took about 45 minutes! Unbelievable. Luckily the woman doing all this was very friendly and we made some jokes from time to time while the system was scanning all the necessary stuff. Finally, after almost an hour, I got to pay for it, about 150 Euro, and at last I left the shop with my new iPhone.
Then the next surprise came: I had to register the iPhone through iTunes, which I expected to be simple, but... Apple's motto is "Think different" and yeah, I had to. It needed several steps and finally they wanted a credit card number or bank account information. I could have used fake data, I guess it would have worked anyway, but I thought it would be better to enter valid data to be able to buy something if I wanted to. So I chose their Click&Buy option because I don't have a credit card and entered all the necessary stuff. After some minutes it was done.
Okay, my iPhone was registered, the SIM was unlocked through T-Com and all worked fine. But that was not enough for me, I just couldn't stop myself from being interested in jailbreaking this thingie... So I went over to ask Google what to do and ended up with a piece of software called [WinPwn] (version 2.5 is almost finished! I did it with 2.0.0.4). I read the HowTo they posted on the page and followed it step by step, downloading the files I needed, building the IPSW firmware file and so on. Finally the files were built and it was time to restore the iPhone with the cracked firmware. So I connected my iPhone to iTunes 7.7 on Windows Vista and chose to restore it (before that you need to put it into DFU mode, which some people described as quite hard because you have to be very precise in doing it, but actually I made it on the first try!). The firmware got installed and I took a break because it needs up to 20 minutes to do this. Finally it was done. Restarted the iPhone. Unlocked again and ... ERROR! ... I was shocked for a moment; I got the error code 0x8000035 as far as I remember and thought: that's it, I screwed up.
I googled for this error and found out that it was an error which should not be present in iTunes newer than 7.4, but which happens on Windows only. So I went over to my Mac OS X machine and started iTunes 7.7.1 there. Connected the iPhone and ... bingo ... it was all normal. The iPhone was found and connected. Yeeha! Now I synchronized my music from iTunes to the iPhone and installed some apps on it through Cydia (something like the free AppStore, with hacked apps). Now I wanted to connect to a server through SSH, but I needed to get my private key onto the iPhone, so how to do this? I searched for quite a while and ended up with a piece of software called [DiskAid], which is available for Windows and Mac OS X. I installed it and transferred my file to the iPhone. Now the searching began... Happily I found out fast where it was saved: /var/mobile/Media. This folder and its subfolders are the only ones DiskAid can copy files to! Having found my private key file there, I finally copied it to ~/.ssh/ and was able to log in to the server through SSH.
Then I tried a bit around with the official AppStore (which is still working, even if you have jailbroken the iPhone!). I wanted to install a free application to use ICQ, MSN and other instant messaging protocols. I found one, got it, entered my iTunes password and finally the iPhone prompted me with a message telling me that I am not allowed to install software made for countries other than Germany. Damn it! That sucks for sure! But anyway... I tested Meebo (the online chat service) and found out that the page fits perfectly on the screen of the iPhone. Nice job Meebo! Then I wanted to log into MySpace and ended up with an error... sigh. The last thing I tried this morning was reading my emails through Roundcube webmail; it was not possible because to open an email you have to double-tap it, which the iPhone interprets as zoom in/zoom out... sigh. Anyway, that's okay because you can of course set up an email account on your iPhone and check your emails through that.
Now I am sitting here, having bought my first application on the AppStore for 4.99 Euro, called Tuner, which is a web radio player. I searched for my favourite radio station, the one I always listen to at home with Winamp, found it, turned it on and relaxed.
Conclusion: still, things are not working as promised and many restrictions are imposed on the software, but all in all it's a lot of fun to use this phone (of course it's more than a simple phone ...). For a geek like me, who likes to play around with stuff and experience new things, it's the perfect "toy" (even if it is a very expensive toy, when you think of the monthly 50 Euro T-Com takes from you!).
WARNING: Many people think it's a good idea to break the SIM lock of the iPhone and use it without an official carrier (USA: AT&T, Germany: T-Com...). Of course this is possible, no question, BUT remember that the iPhone uses a lot of bandwidth all the time! The iPhone connects quite often to Apple's servers, and if you watch videos on YouTube or listen to a web radio like me right now, this will shoot your bandwidth usage through the roof. And THIS will cost a hell of a lot of money! I heard of a friend's friend who did it this way and got his first bill after one month... a total of 1600 Euro! A contract with T-Com for two years would have cost less and he would have had a flat rate... So be warned!
To give you an idea of how fast you will use a lot of bandwidth: in two days I used more than 100 Megabyte!
Professional Skimming
Reading the blog of my friend Marko Rogge, known as [Shakal] on Blog.de, I came across a very interesting piece of news. Marko talks about skimming and concludes that this technique to steal your bank account data (and finally your money) is getting more and more widely used and can be considered a real threat nowadays. Whole gangs, mostly from eastern European countries, are working on getting better and better at hiding the manipulation of the bank devices. The longer nobody finds out that something has been manipulated, the longer they can collect PINs and the data saved on the magnetic stripe of the bank cards.
To demonstrate how realistic those manipulated devices look, check out these photos:

(Left: original / Right: manipulated)

(Left: original / Right: manipulated)
For more images check out the [original blog entry] by Marko (in German).
OpenVAS: The new Nessus

Long ago, with its third version, Nessus finally became closed source and Tenable Network Security decided to make people pay money to get the newest plugins and stuff. Version 2 was still open source, but it became more and more outdated. Now a new security tool based on Nessus has been made publicly available on the net. To me it looks very nice and professional. They have a clear procedure for including new NVTs (Network Vulnerability Tests) and the concept is pretty much the same as Nessus, with just one big difference: it's free!
Check out the website of [OpenVAS] for more information and to download the software.
SQL Injection through Truncation

Today I came across a blog post by Stefan Esser, known for his criticism of the PHP Security Team and for releasing a lot of exploits for PHP, who writes about a kinda new way of making a SQL injection attack on a website. The idea is simple and cool: let's imagine you have a database query that looks like this:
SELECT * FROM user WHERE username='admin '
Look closely! The attacker does not try to register the name "admin" here, he tries to register the name plus an appended whitespace character. That will not work because MySQL ignores the trailing whitespace when comparing and checks for "admin", which is present, so the registration of that username is denied. BUT now comes the cute hack that gets around this. Let's say the attacker supplies the name "admin x", that is "admin" followed by enough spaces and an "x". The important thing here is the length of the supplied username: it has 17 characters. When the database limits the field to 16 characters, the lookup for that 17-character username finds nothing, so the check whether the user already exists passes and the username is accepted. Because the field is only 16 characters long, the "x" at the end of the username is cut off and we finally end up with the name "admin" plus the whitespaces...
Now it depends on the coding of the application whether you are finally able to log in with your self-made username.
For the whole blog post and some more information check out [suspekt.org].
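As an added illustration (constructed here, not code from Stefan Esser's post): a small Python simulation of the two MySQL behaviours the trick relies on, silent truncation of a VARCHAR in non-strict sql_mode and trailing-space-insensitive comparison, with the check-then-insert registration beside a hardened version. The column width of 16 is assumed from the post.

```python
"""Constructed simulation of the truncation trick (not Stefan Esser's code).
Two MySQL behaviours do the work: a VARCHAR column in non-strict sql_mode
silently cuts over-long values, and '=' on VARCHAR ignores trailing spaces
under the default (PAD SPACE) collations.  A registration that checks
"name taken?" and then inserts is fooled, because the check runs on the
17-character string while the INSERT stores only the first 16."""

from typing import List

FIELD_LEN = 16  # assumed column definition: username VARCHAR(16)


def mysql_equal(a: str, b: str) -> bool:
    """'=' on a PAD SPACE collation: trailing spaces do not matter."""
    return a.rstrip(" ") == b.rstrip(" ")


class UserTable:
    """Stand-in for a MySQL table with a username VARCHAR(16) column."""

    def __init__(self, strict_mode: bool) -> None:
        self.strict_mode = strict_mode
        self.rows: List[str] = []

    def select_by_username(self, name: str) -> List[str]:
        """SELECT * FROM user WHERE username=<name>"""
        return [r for r in self.rows if mysql_equal(r, name)]

    def insert(self, name: str) -> None:
        """INSERT INTO user (username) VALUES (<name>)"""
        if len(name) > FIELD_LEN:
            if self.strict_mode:
                raise ValueError("Data too long for column 'username'")
            name = name[:FIELD_LEN]  # silent truncation without STRICT_* modes
        self.rows.append(name)


def register_vulnerable(table: UserTable, name: str) -> bool:
    """Check-then-insert with no length validation: the path the post describes."""
    if table.select_by_username(name):
        return False  # "username already taken"
    table.insert(name)
    return True


def register_hardened(table: UserTable, name: str) -> bool:
    """Reject padded or over-long names before they reach the database
    (and run MySQL with STRICT_ALL_TABLES so truncation is an error, not a cut)."""
    if name != name.strip() or len(name) > FIELD_LEN:
        return False
    if table.select_by_username(name):
        return False
    table.insert(name)
    return True


def login_rows(table: UserTable, name: str) -> List[str]:
    """Rows a login lookup for `name` matches; two rows for 'admin' is the damage."""
    return table.select_by_username(name)
```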
XSS on OpenBSD.org
In the "underground" a link is floating around that demonstrates an XSS bug on the website of OpenBSD. The example shows blinking text reading "Only 2 Remote bugs". As far as I can see, the problem is not due to a mistake the OpenBSD web developers made; it is rather a bug in the software CVSweb, a CGI application that makes it possible to browse the CVS tree of a server through a web interface.
If you look at the code, you can see the following:
Current directory: <b> <a href="/cgi-bin/cvsweb/?sortby=%22>...
The "sortby" parameter is not filtered and therefore the attacker can simply close the "a" tag with a closing %22> (the URL-encoded double quote followed by >) and then add any HTML code he wants.
For the original XSSed link click [here].
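A constructed miniature of that bug in Python (not CVSweb's own code), added here to show the attribute breakout beside two fixes: encoding the value before it lands in the href, and allowing only known column names. The set of sort columns is assumed, the real cvsweb.cgi may differ.

```python
"""Constructed miniature of the CVSweb "sortby" bug (not cvsweb's own code):
the CGI decodes the query string and pastes the value straight into an href
attribute, so %22 becomes a double quote that ends the attribute and the <a>
tag, and whatever follows is parsed as HTML."""

import html
import re
from urllib.parse import quote, unquote

# Assumed set of legitimate sort columns; the real cvsweb.cgi may differ.
ALLOWED_SORT_COLUMNS = {"file", "rev", "date", "author", "log"}


def sortby_from_query(raw: str) -> str:
    """What the CGI sees after URL-decoding the raw sortby parameter."""
    return unquote(raw)


def render_sort_link_vulnerable(sortby: str) -> str:
    """Unfiltered interpolation, as in the snippet quoted on the page."""
    return f'<a href="/cgi-bin/cvsweb/?sortby={sortby}">sort</a>'


def render_sort_link_encoded(sortby: str) -> str:
    """Fix 1: percent-encode the value for the URL, then escape for HTML.
    The quote and angle brackets can no longer leave the attribute."""
    safe = html.escape(quote(sortby, safe=""), quote=True)
    return f'<a href="/cgi-bin/cvsweb/?sortby={safe}">sort</a>'


def render_sort_link_allowlist(sortby: str) -> str:
    """Fix 2: sortby only ever names a column, so anything else is replaced."""
    if sortby not in ALLOWED_SORT_COLUMNS:
        sortby = "file"
    return render_sort_link_encoded(sortby)


def tag_count(fragment: str) -> int:
    """Number of opening tags in a fragment; the link alone should give 1."""
    return len(re.findall(r"<[a-zA-Z]", fragment))
```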
White Hat kidnapped in Turkey

That's the first case I've heard of where a computer hacker got kidnapped in such a way. Hackers being picked up by the police because of illegal activities is nothing new, even if it is not very present in the media because the police hide everything and deny it. This time a hacker kidnapped another hacker. The hacker that was kidnapped is a Turkish guy known as Kier; he could be described as a white hat hacker and helped the Turkish police to shut down illegal activities in his country, such as credit card fraud. He worked against a website and a person that could be called a black hat hacker, known as Cha0, who is making his money by selling hardware for skimming* to get cash out of other people's bank accounts.
It is not official, but it seems like the hacker known as Cha0 kidnapped the informant and posted the image above (in the original one you can even see his face) on a website as a warning to other people working against him and his crew. This way of doing it is quite new. Spammers attacking servers and websites of anti-spam companies is nothing new, but kidnapping a person in real life and exposing him on the net is a new dimension the cyber criminals have reached to keep their business going. This action is meant as a warning to everyone trying to work against them and together with the police.
*Skimming describes a way of stealing bank information through manipulated hardware. Normally a device is installed in front of the card slot of a bank machine, and this device reads out the information on the magnetic stripe of the bank card. Then the card can be cloned and, with the PIN, which has been read out via a little camera installed nearby or something similar, the money can be stolen from the person's bank account, mostly transferred to countries like Russia or China.
And they did it anyway
Reading the media while Defcon was held in Las Vegas, you probably came across the news of some MIT students that hacked the subway system that is used in many major cities of the world. The media said that the students were forced not to give their talk at Defcon, but talking to someone who was there I got to know that they did it anyway, and that's a good thing in my opinion. Information must be free and security by obscurity does not work. Just forbidding someone to talk about vulnerabilities does not improve security in any way, and that's why I am pro full disclosure.
The slides of the Defcon presentation are now online and you can find them [here].
It's really worth a look! The students did a great job reversing the technology and finding ways to travel for free. Furthermore they showed how bad the physical security in the subways is nowadays: open doors, keys lying around, computers not secured and accessible by anyone, and many more unbelievable security weaknesses. Check it out.
Interesting meeting at Olympia 2008
The weekend has almost arrived and as the last news before it, I will show you a nice image that I found reading news about Beijing 2008... Guess who met there? Look for yourself:

You don't know which persons I mean? No comment!
Keyczar: Crypto Toolkit by Google

Google is a company which does many good things and many things that are quite questionable. Nevertheless they push technologies forward in a good way and help to improve the web. Especially the Google Security Team, which has its own [weblog] on Blogspot, does some cool stuff. Their newest creation is the cryptographic toolkit Keyczar, which I might look at more closely in future.
The main idea is to make it easier for (somewhat) unskilled developers to develop software with secure algorithms and modern cryptographic standards. Until now there is a Java and a Python implementation; C++ is coming soon according to the announcement on the Keyczar website. On the page there is a simple code example in Java and Python demonstrating how easy it is to use the toolkit. Here is the example in Java:
import org.keyczar.Crypter;

// Loads the key set from the given directory; throws KeyczarException if it cannot be read
Crypter crypter = new Crypter("/path/to/your/keys");
String ciphertext = crypter.encrypt("Secret message");
And finally in Python:
from keyczar.keyczar import Crypter

# Loads the key set from the given directory
crypter = Crypter.Read("/path/to/your/keys")
ciphertext = crypter.Encrypt("Secret message")
I can only suggest you check it out on the [homepage of Keyczar].
Cookie Stealing through HTTPS
Most people think that using HTTPS on a website is enough to keep your session from being hijacked by an attacker, but now the first tools have found their way onto the net which show that HTTPS alone is definitely NOT enough to secure yourself. Mike Perry has shown such an attack at the last Defcon and announced that he would release his tool in about two weeks.
How does the attack work? Very simple! Look: you contact Gmail (as an example) over an HTTPS connection; your cookie is safe so far. Now you surf through the net and an attacker embeds an image located on the Gmail site in his website, but uses HTTP to load this image. Your cookie will now be sent to Gmail, but unencrypted, and the attacker is able to grab it, for example if you are in the same LAN and he is doing some ARP spoofing and sniffing.
Further details are also presented by Sandro Gauci. He has released a [paper] and a [video] demonstrating the so-called "Surf Jacking". Furthermore he has released a tool, ironically hosted on Google, that hijacks HTTPS connections, called [Surf Jack].
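A constructed Python illustration of the mechanics above (not Mike Perry's or Sandro Gauci's tool), added to show why the Secure cookie attribute is the fix: a cookie set over HTTPS without it is attached to the http:// image request too. The hostname mail.example and the cookie values are made up.

```python
"""Constructed illustration of surf jacking (not Mike Perry's or Sandro
Gauci's tool): a cookie set over HTTPS without the Secure attribute is
attached by the browser to any matching request, including an http://
image the attacker embeds, so it travels in the clear.  The hostname
mail.example and the cookie values are made up."""

from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    secure: bool


def parse_set_cookie(header: str, domain: str) -> Cookie:
    """Parse a Set-Cookie header value ('name=value; Attr; Attr=val...')."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.lower() for p in parts[1:]}
    return Cookie(name.strip(), value.strip(), domain, "secure" in attrs)


def cookies_sent(jar: List[Cookie], url: str) -> List[str]:
    """Names of the cookies a browser attaches to a request for url:
    the host must match, and Secure cookies go out over https only."""
    u = urlsplit(url)
    over_https = u.scheme == "https"
    return [c.name for c in jar
            if c.domain == u.hostname and (over_https or not c.secure)]


def surf_jack_exposure(jar: List[Cookie], site: str) -> List[str]:
    """Cookies of `site` that leak once the victim's browser loads any
    http://site/... resource, e.g. an <img> on the attacker's page."""
    return cookies_sent(jar, f"http://{site}/image.gif")


def harden_set_cookie(header: str) -> str:
    """Server-side fix: add the Secure attribute if the header lacks it."""
    parts = [p.strip() for p in header.split(";")]
    if not any(p.lower() == "secure" for p in parts[1:]):
        parts.append("Secure")
    return "; ".join(parts)
```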
The Pirate Bay blocked in Italy

I just came across a story on Slashdot announcing that TPB (The Pirate Bay) is now blocked all over Italy. All ISPs are working together and block the whole IP address space of the well-known BitTorrent website. Other sites are being shut down too. I think this is a very bad trend in the modern internet and it shows that not only countries like China are censoring their users. I am somewhat afraid of this trend as it shows that ISPs can do whatever they want and cut a whole country off from the "free" internet. How far will this go? What will they block next? They have started with a few sites, but now they might like to do it with more sites, and if the people don't stand up against it (and I bet they won't) then the governments have the ability to do whatever they like...
Conclusion: if the people don't start to care about their freedom, then there won't be much left in the near future!
Techworld about the dying of VX

I have three words for you before you read this: OH MY GOD!
Just reading an article on Techworld about the constant dying of VX groups, I really had to shake my head a lot: the definitions are wrong, the facts are wrong, the article is bullshit... The article says that there is only ONE group left. When I count the groups I get more: EOF, DR, PCR, FAT, Purgatory etc... So this article is really not worth reading, unless you want to laugh a lot, and thus I won't put myself between you and the article. Enjoy:
[VX Groups a dying breed, but they wont be missed]
To the author (Carl Jongsma): Inform yourself better before writing useless crap!
Apple iPhone "Backdoor"?

A researcher has found out that the firmware of the Apple iPhone, one of the most hyped mobile phones of today, seems to have some kind of "backdoor" implemented. What does this "backdoor" do? Well, Apple included a feature whereby the iPhone connects to a server controlled by Apple which holds a list of forbidden applications; thus it might be possible for the company to automatically delete any programs on users' phones worldwide which they do not want to be there. It is unclear how often the iPhone connects to the server, and so far no applications are listed as forbidden.
If you connect to the address https://iphone-services.apple.com/clbl/unauthorizedApps you will only find the following string:
{
    "Date Generated" = "2008-08-07 12:13:46 Etc/GMT";
    "BlackListedApps" = {
        "com.mal.icious" = {
            "Description" = "Being really bad!";
            "App Name" = "Malicious";
            "Date Revoked" = "2004-02-01 08:00:00 Etc/GMT";
        };
    };
}
Looking at this code, two ideas come to my mind. The first one is that Apple might add whatever they want to that list, for example programs that might be used to hack into features of the iPhone which Apple might not want; that would be the bad way. But there is also a good way of using this feature. Apple is able to add malware to that list, which might come out more often in future (let's see), and make sure the users get their iPhones cleaned automatically. That of course would be a great benefit for the phone's security.
What Apple will actually do with this feature is unclear; let's hope for the best...
Hacking the Great Firewall of China

Just in time for the Olympic Games, a toolset has come to the media's attention that allows Chinese people to get around the Great Firewall of China and obtain uncensored access to the internet. The toolchain consists of five tools that make it possible to circumvent the firewall, encrypt your traffic, hide your IP address and allow FTP downloads. About one million people are using those tools in China to get access to foreign media sites, says the Global Internet Freedom Consortium (GIFC).
I very much respect those projects that help people in strictly censored countries to break the chains. But just to put a number on it: one million people are using it, out of about 200 million internet users in China. That's only about 0.5%, a very small share. Why is this so? Well, that can have multiple reasons. One might be that people don't know about it. Another might be that people use other techniques, such as TOR or other services. But what's probably also very typical is that people just accept the censorship or, even worse, just don't care.
I once watched a documentary about hackers in China and one scene in this documentary was somehow "funny": the narrator said something like "With access to the internet, the people have the ability to read humanity's knowledge spread all over the worldwide web", and while he was saying so you could see some Chinese guys playing Counter-Strike or other online games... Hmm, no wonder the country does this censorship and people don't stand up against it, if most people just care about gaming instead of getting informed.
The tools can be downloaded [here].
It's time to be in Las Vegas

This year I was not able to take a trip to Las Vegas for Black Hat or the Defcon following in some days, but next year I am planning to go there. To everyone who is there enjoying the talks or giving one themselves: have a lot of fun and happy hacking the next two days! The homepage of the Black Hat conference is very informative and you should check it out for sure.
On Twitter you can find a [channel] for the event. To get to know what you'll miss, or better: what you'll be part of, check out the [schedule] and [Speakers List].
At least one person I know (sorry, can't tell who) is going there. I am looking forward to some feedback when he comes back!
