Professional Skimming
Reading the blog of my friend Marko Rogge, known as [Shakal] on Blog.de, I came across a very interesting piece of news. Marko writes about skimming and concludes that this technique for stealing your bank account data (and finally your money) is becoming more and more widespread and can be considered a real threat nowadays. Whole gangs, mostly from eastern European countries, are getting better and better at hiding the manipulation of the bank devices. The longer nobody notices that something has been manipulated, the longer they can collect PINs and the data stored on the magnetic stripe of the bank cards.
To demonstrate how realistic those manipulated devices look, check out these photos:
(Photo 1, left: original / right: manipulated)
(Photo 2, left: original / right: manipulated)
For more images, check out the [original blog entry] by Marko (in German).
OpenVAS: The new Nessus

Long ago, with its third version, Nessus finally became closed-source, and Tenable Network Security decided to make people pay for the newest plugins and so on. Version 2 was still open-source, but it became more and more outdated. Now a new security tool based on Nessus has been made publicly available on the net. To me it looks very nice and professional. They have a clear procedure for including new NVTs (Network Vulnerability Tests), and the concept is much the same as Nessus, with just one big difference: it's free!
Check out the [OpenVAS] website for more information and to download the software.
SQL Injection through Truncation

Today I came across a blog post by Stefan Esser, known for his criticism of the PHP Security Team and for releasing a lot of exploits for PHP, in which he writes about a fairly new way of carrying out a SQL injection attack on a website. The idea is simple and cool. Let's imagine you have a database query that looks like this:
SELECT * FROM user WHERE username='admin '
Look closely! The attacker does not try to register the name "admin" here; he tries to register the name plus appended whitespace characters. That will not work, because MySQL ignores the trailing whitespace when comparing and checks for "admin", which already exists, and then denies the registration of that username. BUT now comes the cute hack that makes it possible to get around this. Let's say the attacker supplies the following name: "admin x" (with enough spaces between "admin" and the "x"). The important thing here is the length of the supplied username: it has 17 characters. When the column has a limit of 16 characters, MySQL will not find a matching username, so the check whether the user already exists fails, which leads to the username finally being accepted. Because the column is only 16 characters long, the "x" at the end of the username is cut off, and we finally end up with the name "admin" plus the whitespace...
Now it depends on the coding of the application whether you are finally able to log in with your self-made username.
For the whole blog post and some more information, check out [suspekt.org].
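The following is an added simulation of the truncation bug described above, not code from Stefan Esser's post. It assumes a 16-character username column, a MySQL server in non-strict sql_mode (over-long values are silently cut instead of rejected) and a PAD SPACE collation (trailing spaces are ignored when comparing), and shows the vulnerable registration flow next to a hardened one.

```python
# Assumed column width of the username field (not taken from the post).
COLUMN_WIDTH = 16


def mysql_equal(a: str, b: str) -> bool:
    """Compare like a PAD SPACE collation: trailing spaces do not count."""
    return a.rstrip(" ") == b.rstrip(" ")


def store_non_strict(value: str) -> str:
    """Non-strict sql_mode: the value is silently truncated to the column width."""
    return value[:COLUMN_WIDTH]


def register_vulnerable(users: list, username: str) -> bool:
    """Uniqueness check on the raw input, then INSERT of the truncated value."""
    if any(mysql_equal(u, username) for u in users):
        return False            # "admin" or "admin " is rejected as expected
    users.append(store_non_strict(username))
    return True


def register_hardened(users: list, username: str) -> bool:
    """Reject padded or over-long names before they reach the database.

    Setting STRICT_TRANS_TABLES in sql_mode would additionally make the INSERT
    fail instead of truncating, which is the second layer a defender should add.
    """
    if username != username.strip() or len(username) > COLUMN_WIDTH:
        return False
    if any(mysql_equal(u, username) for u in users):
        return False
    users.append(username)
    return True


def run_demo() -> dict:
    """Constructed scenario: 'admin' exists; a padded 17-character name is registered."""
    padded = "admin" + " " * 11 + "x"          # 17 characters, as in the post
    vulnerable, hardened = ["admin"], ["admin"]
    return {
        "vulnerable_accepted": register_vulnerable(vulnerable, padded),
        "stored_collides_with_admin": mysql_equal(vulnerable[-1], "admin"),
        "hardened_accepted": register_hardened(hardened, padded),
    }
```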
XSS on OpenBSD.org
In the "underground" a link is floating around that demonstrates an XSS bug on the OpenBSD website. The example shows a blinking text reading "Only 2 Remote bugs". As far as I can see, the problem is not due to a mistake by the OpenBSD web developers; it is rather a bug in the software CVSweb, a CGI application that makes it possible to browse the CVS tree of a server through a web interface.
If you look at the code, you can see the following:
Current directory: <b> <a href="/cgi-bin/cvsweb/?sortby=%22>...
The "sortby" parameter is not filtered, so the attacker can simply close the "a" tag with a closing %22> (a URL-encoded double quote followed by >) and then add any HTML code he wants.
For the original XSSed link click [here].
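As an added illustration (not CVSweb's own code) of the reflected sortby parameter above, here is the vulnerable link rendering next to a hardened one that allowlists the value and encodes the attribute on output; the allowlist of sort keys is an assumption for this example.

```python
from html import escape
from urllib.parse import urlencode

# Assumed allowlist of legitimate sort keys (not taken from CVSweb's source).
ALLOWED_SORTBY = {"file", "rev", "date", "author", "log"}
DEFAULT_SORTBY = "file"


def render_vulnerable(sortby: str) -> str:
    """Reflects the raw query value into the href attribute, like the bug above.

    A %22> in the URL reaches the CGI script already decoded as '">', so the
    attribute and the tag are closed by the value itself.
    """
    return '<a href="/cgi-bin/cvsweb/?sortby=' + sortby + '">Current directory</a>'


def render_hardened(sortby: str) -> str:
    """Two layers: allowlist the value, then attribute-encode on output.

    The allowlist stops this bug; escape(..., quote=True) is the generic
    output encoding that also covers values you cannot allowlist.
    """
    if sortby not in ALLOWED_SORTBY:
        sortby = DEFAULT_SORTBY
    href = "/cgi-bin/cvsweb/?" + urlencode({"sortby": sortby})
    return '<a href="' + escape(href, quote=True) + '">Current directory</a>'


def attribute_is_closed_early(markup: str) -> bool:
    """Detection helper: does the href value end before the expected '\">'?"""
    start = markup.index('href="') + len('href="')
    end = markup.index('"', start)
    return not markup.startswith('">Current directory', end)
```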
White Hat kidnapped in Turkey

That's the first case I have heard of in which a computer hacker was kidnapped in such a way. Hackers being kidnapped by the police because of illegal activities is nothing new, even if it is not very present in the media because the police hide everything and deny it. This time a hacker kidnapped another hacker. The hacker who was kidnapped is a Turkish guy known as Kier; he could be described as a white hat hacker and helped the Turkish police to crack down on illegal activities in his country, such as credit card fraud. He worked against a website and a person who could be called a black hat hacker, known as Cha0, who makes his money selling hardware for skimming* to get cash out of other people's bank accounts.
It is not official, but it seems that the hacker known as Cha0 kidnapped the informant and posted the image above (in the original one you can even see his face) on a website as a warning to other people working against him and his crew. This way of doing it is quite new. Spammers attacking the servers and websites of anti-spam companies is nothing new, but kidnapping a person in real life and exposing him on the net is a new dimension the cyber criminals have reached to keep their business going. This action is meant as a warning to everyone trying to work against them and together with the police.
*Skimming describes a way of stealing bank information through manipulated hardware. Normally a device is installed in front of the card slot of an ATM, and this device reads out the information on the magnetic stripe of the bank card. Then the card can be cloned, and with the PIN, which has been captured via a small hidden camera or something similar, the money can be withdrawn from the person's bank account, mostly transferred to countries like Russia or China.
And they did it anyway
Reading the media while Defcon was taking place in Las Vegas, you probably came across the news about some MIT students who hacked the subway system that is used in many major cities of the world. The media said that the students were forced not to give their talk at Defcon, but talking to someone who was there, I learned that they did it anyway, and that's a good thing in my opinion. Information must be free, and security by obscurity does not work. Just forbidding someone to talk about vulnerabilities does not improve security in any way, and that's why I am pro full disclosure.
The slides of the Defcon presentation are now online and you can find them [here].
It's really worth a look! The students did a great job reversing the technology and finding ways to travel for free. Furthermore, they showed how bad the physical security in the subways is nowadays: open doors, keys lying around, computers not secured and accessible by anyone, and many more unbelievable security weaknesses. Check it out.
Interesting meeting at Olympia 2008
The weekend has almost arrived, and as the last news before it, I will show you a nice image that I found while reading news about Beijing 2008... Guess who met there? Look for yourself:

You don't know who I mean? No comment!
Keyczar: Crypto Toolkit by Google

Google is a company that does many good things and many things that are quite questionable. Nevertheless, they push technologies forward in a good way and help to improve the web. Especially the Google Security Team, which has its own [weblog] on Blogspot, does some cool stuff. Their newest creation is the cryptographic toolkit Keyczar, which I might look at more closely in the future.
The main idea is to make it easier for (somewhat) unskilled developers to develop software with secure algorithms and modern cryptographic standards. Until now there are Java and Python implementations; C++ is coming soon according to the announcement on the Keyczar website. On the page there is a simple code example in Java and Python demonstrating how easy it is to use the toolkit. Here is the example in Java:
import org.keyczar.Crypter;
// The key set directory is created beforehand with Keyczar's key management tool
Crypter crypter = new Crypter("/path/to/your/keys");
String ciphertext = crypter.encrypt("Secret message");
And finally in Python:
from keyczar.keyczar import Crypter
# The key set directory is created beforehand with Keyczar's key management tool
crypter = Crypter.Read("/path/to/your/keys")
ciphertext = crypter.Encrypt("Secret message")
I can only suggest you check it out on the [homepage of Keyczar].
Cookie Stealing through HTTPS
Most people think that using HTTPS on a website is enough to keep your session from being hijacked by an attacker, but now the first tools have found their way onto the net that show HTTPS alone is definitely NOT enough to secure yourself. Mike Perry demonstrated such an attack at the last Defcon and announced that he would release his tool in about two weeks.
How does the attack work? Very simple. Look: you contact Gmail (as an example) over an HTTPS connection; your cookie is safe so far. Now you surf the net, and an attacker embeds an image located on the Gmail site in his website but loads this image over plain HTTP. Your cookie will now be sent to Gmail, but unencrypted, and the attacker is able to grab it, for example if you are in the same LAN and he is doing some ARP spoofing and sniffing.
Further details are also presented by Sandro Gauci. He has released a [paper] and a [video] demonstrating the so-called "Surf Jacking". Furthermore, he has released a tool, ironically hosted on Google, that hijacks HTTPS connections, called [Surf Jack].
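As an added example (not Mike Perry's or Sandro Gauci's tools), the following models the browser side of the scenario above: a session cookie set without the Secure attribute is attached to the attacker-triggered http:// image request, while a cookie marked Secure is not. The Set-Cookie headers, cookie value and host name are constructed for this example.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers: the weak one is what the attack relies on.
WEAK_HEADER = "SID=s3ss10n-c00k13; Path=/"
HARDENED_HEADER = "SID=s3ss10n-c00k13; Path=/; Secure; HttpOnly"


def audit_set_cookie(header: str) -> list:
    """Defender-relevant findings for one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure (sent over plain HTTP too)")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable by script)")
    return findings


def cookies_sent_to(headers: list, url: str) -> list:
    """Names of the cookies a browser attaches to a request for url.

    Only the Secure attribute is modelled; domain and path scoping are
    ignored, so every header passed in is assumed to belong to that host.
    """
    scheme = urlsplit(url).scheme
    sent = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if morsel["secure"] and scheme != "https":
                continue               # a Secure cookie stays home on http://
            sent.append(name)
    return sent


def surf_jack_exposure(header: str) -> list:
    """Cookies that leak when an attacker's page embeds a plain-HTTP image
    from the target site (constructed URL)."""
    return cookies_sent_to([header], "http://mail.example.com/img.gif")
```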
The Pirate Bay blocked in Italy

I just came across a news item on Slashdot announcing that TPB (The Pirate Bay) is now blocked all over Italy. All ISPs are working together and block the whole IP address space of the well-known BitTorrent website. Other sites are also being shut down. I think this is a very bad trend on the modern internet, and it shows that not only countries like China censor their users. I am somewhat afraid of this trend, as it shows that ISPs can do whatever they want and cut a whole country off from the "free" internet. How far will this go? What will they block next? They have started with a few sites, but now they might like to do it with more, and if the people don't stand up against it (and I bet they won't), then the governments have the ability to do whatever they like...
Conclusion: if people don't start to care about their freedom, there won't be much of it left in the near future!
Techworld about the dying of VX

I have three words for you before you read this: OH MY GOD!
Just reading an article on Techworld about the constant dying of VX groups, I really had to shake my head a lot: the definitions are wrong, the facts are wrong, the article is bullshit... The article says that there is only ONE group left. When I count the groups I get more: EOF, DR, PCR, FAT, Purgatory etc. So this article is really not worth reading unless you want to laugh a lot, and thus I won't put myself between you and the article. Enjoy:
[VX Groups a dying breed, but they wont be missed]
To the author (Carl Jongsma): inform yourself better before writing useless crap!
Apple iPhone "Backdoor"?

A researcher has found out that the firmware of the Apple iPhone, one of the most hyped mobile phones of today, seems to have some kind of "backdoor" implemented. What does this "backdoor" do? Well, Apple included a feature that makes the iPhone connect to a server controlled by Apple, which holds a list of forbidden applications; thus it might be possible for the company to automatically delete any programs on users' phones worldwide that they do not want to be there. It is unclear at what interval the iPhone connects to the server, and until now no applications are listed as forbidden.
If you connect to the address https://iphone-services.apple.com/clbl/unauthorizedApps you will only find the following string:
{ "Date Generated" = "2008-08-07 12:13:46 Etc/GMT";
"BlackListedApps" = { "com.mal.icious" =
{ "Description" = "Being really bad!";
"App Name" = "Malicious";
"Date Revoked" = "2004-02-01 08:00:00 Etc/GMT"; }; }; }
Looking at this data, two ideas come to my mind. The first is that Apple might add whatever they want to that list, for example programs that might be used to hack into features of the iPhone, which Apple might not want; that would be the bad way. But there is also a good way of using this feature. Apple is able to add malware to that list, which might appear more often in the future (let's see), and make sure users get their iPhones cleaned automatically. That, of course, would be a great benefit for the phone's security.
What Apple will actually do with this feature is unclear; let's hope for the best...
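The response above is in the old-style (OpenStep) plist syntax. As an added example, not Apple's code, here is a small parser for that syntax that extracts the revoked bundle ids and checks a list of installed apps against them; SAMPLE is a constructed copy of the quoted response, and the installed-app list in the usage is made up.

```python
import re

# Constructed copy of the revocation list quoted above (old-style plist syntax).
SAMPLE = """{ "Date Generated" = "2008-08-07 12:13:46 Etc/GMT";
"BlackListedApps" = { "com.mal.icious" =
{ "Description" = "Being really bad!";
"App Name" = "Malicious";
"Date Revoked" = "2004-02-01 08:00:00 Etc/GMT"; }; }; }"""
# A token is a double-quoted string or one of the symbols { } = ;
TOKEN = re.compile(r'\s*(?:"([^"]*)"|([{}=;]))')


def tokenize(text: str) -> list:
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        pos = m.end()
        tokens.append(("str", m.group(1)) if m.group(1) is not None else ("sym", m.group(2)))
    return tokens


def parse(tokens: list, i: int = 0):
    """Recursive descent: value := string | '{' (value '=' value ';')* '}'."""
    kind, val = tokens[i]
    if kind == "str":
        return val, i + 1
    if val != "{":
        raise ValueError(f"expected '{{' or string, got {val!r}")
    result, i = {}, i + 1
    while tokens[i] != ("sym", "}"):
        key, i = parse(tokens, i)
        if tokens[i] != ("sym", "="):
            raise ValueError("expected '=' after key")
        value, i = parse(tokens, i + 1)
        if tokens[i] != ("sym", ";"):
            raise ValueError("expected ';' after value")
        result[key], i = value, i + 1
    return result, i + 1


def revoked_apps(text: str) -> dict:
    """Map bundle id -> 'Date Revoked' for every entry in BlackListedApps."""
    tree, _ = parse(tokenize(text))
    apps = tree.get("BlackListedApps", {})
    return {bundle: info.get("Date Revoked") for bundle, info in apps.items()}


def check_installed(text: str, installed: list) -> list:
    """Installed bundle ids that appear on the revocation list, sorted."""
    return sorted(set(installed) & set(revoked_apps(text)))
```

A malformed response (an unterminated string, a missing semicolon) raises ValueError or IndexError instead of being silently accepted, which is the behaviour you want from a parser of untrusted input.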
Hacking the Great Firewall of China

Just in time for the Olympic Games, a toolset has hit the media that allows Chinese people to get around the Great Firewall of China and gain uncensored access to the internet. The toolchain consists of five tools that make it possible to circumvent the firewall, encrypt your traffic, hide your IP address and allow FTP downloads. About one million people in China are using those tools to access foreign media sites, says the Global Internet Freedom Consortium (GIFC).
I very much respect those projects that help people in strictly censored countries to break the chains. But just to put a number on it: one million people are using it, out of about 200 million internet users in China. That's only about 0.5%, a very small share. Why is this so? Well, that can have multiple reasons. One might be that people don't know about it. Another might be that people use other techniques, such as Tor or other services. But what's also very typical might be that people just accept the censorship or, even worse, just don't care.
I once watched a documentary about hackers in China, and one scene in it was somewhat "funny": the narrator said something like "With access to the internet, the people have the ability to read the knowledge of mankind spread all over the world wide web," and while he said so, you could see some Chinese guys playing Counter-Strike or other online games... Hmm, no wonder the country does this censorship and people don't stand up against it, if most people just care about gaming instead of getting informed.
The tools can be downloaded [here].
It's time to be in Las Vegas

This year I was not able to take a trip to Las Vegas for Black Hat or the Defcon following a few days later, but next year I am planning to go. To everyone who is there enjoying the talks or giving one: have a lot of fun and happy hacking for the next two days! The homepage of the Black Hat conference is very informative, and you should definitely check it out.
On Twitter you can find a [channel] for the event. To get to know what you'll miss, or better, what you'll be part of, check out the [schedule] and the [Speakers List].
At least one person I know (sorry, can't tell who) is going there. I am looking forward to some feedback when he comes back!
