Week 13 In Review – 2011

Resources

• Weaponizing doz.me: Improved HTML5 DDOS – spareclockcycles.org
  Beyond making the backend code a little bit less of a disaster than it was originally, I have also made the attack itself significantly more effective.
• Location of Forensice Evidence in the Registry – travisaltman.com
  I got tired of always searching online for the location of something in the windows registry, especially when it came to forensic analysis.
• Building A Better CA Infrastructure – freedom-to-tinker.com
  As several Tor project authors, Ben Adida and many others have written, our certificate authority infrastructure has the flaw that any one CA, anywhere on the planet, can issue a certificate for any web site, anywhere else on the planet.
• HAKING Magazine Issue 4/2011 – professionalsecuritytesters.org
  In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address.
• New NIST Cloud Computing Reference Architecture – rationalsurvivability.com
  In case you weren’t aware, NIST has a WIKI for collaboration on Cloud Computing.
• Enabling Browser Security In Web Applications – michael-coates.blogspot.com
  These security properties enable the browser to impose additional security controls on items such as cookie handling, framing, and even the processing of JavaScript.
• How To Learn The IT Skills Of A Security Professional – resources.infosecinstitute.com
  There are two general routes to gaining this knowledge. For some, it works better if they just take some classes to get started. Others just Google what they want to learn and teach themselves.
• IBM X-Force 2010 Trend Report Launched – blogs.iss.net
  On Thursday we released our latest IBM X-Force 2010 Trend and Risk Report. As a part of this release we wanted to share a bit more insight into several areas that we think are fascinating.

Tools

• W3Perl: A Tool to Analyze Your Web Activity – w3perl.com
  W3Perl can be easily configured. It is a command-line tool with a nice front-end with many options to play with.

• ‘Cree.py’ Social Engineering Pinpoints A Person’s Physical Location – darkreading.com
  A savvy and determined social engineer can gather and manually correlate the geolocation tags of his or her target’s social network or other online posts.
• UPDATE: MOSCRACK-2.03b! – sourceforge.net
  Moscrack is a perl application designed to facilitate cracking WPA keys on a cluster of computers.
• VMDetect Tool!! – r00tsec.blogspot.com
  VMDetect is the FREE tool to find out if your program is running inside virtual machine.
• The Social Engineer Toolkit v1.3 “Artillery Edition” Released – secmaniac.com
  This is a major release and about 4 months of straight development that adds a ton of new features. For a list of changes, check out the previous blog post which has them listed and check out the new teaser videos.

Techniques

• Hatkit Proxy
  The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed.
  • OWASP Hatkit Proxy Project – owasp.org
  • hatkit_proxy log – martin.swende.se

• Malware Analysis for Idiots – zonbi.org
  People that know me know I have a rather strange fetish for malware.
• CRC-32 forging – blog.stalkr.net
  You may already know that the CRC-32 of any text can be forged if you can add 4 bytes anywhere in the text. See anarchriz’s paper on the subject.
• NBNS Spoofing on your way to World Domination – packetstan.com
  We discussed our paths of least resistance for internal tests, and I mentioned that my favorite are the attacks based on spoofing NetBIOS Name Service (NBNS) Responses.
• Improving SSL Certificate Security – googleonlinesecurity.blogspot.com
  Given the current interest it seems like a good time to talk about two projects in which Google is engaged.

Vulnerabilities

• Attack on MySQL.com and further injections
  This morning our friend Jackh4x0r decided to make public a vulnerability in MySQL.com.
  • My.SQL.com Full Disclosure – tinkode27.baywords.com
  • MySQL Full Disclosure Document – pastebin.com
  • MySQL.com vulnerable to blind injections – hackerregiment.com
  • MySQL.com compromised – blog.sucuri.net
  • Mass SQL injection attack leads to Scareware – zdnet.com
  • Faster blind injection data transaction – sla.ckers.org
  • Analyzing A Mass SQL injection attack – blogs.iss.net
  • Massive SQL injection attack making the rounds – arstechnica.com
  • IBM Cites Three Consecutive Summers of SQL Attacks – darkreading.com

• Technical Analysis and Advanced Exploitation of Adobe Flash Player 0day – vupen.com
  In this blog, we will share our binary analysis of the vulnerability and how we achieved a reliable exploitation on Windows 7 with ASLR/DEP bypass.
• Researchers point out holes in McAfee’s website – news.cnet.com
  Researchers disclosed on a public security e-mail list today three vulnerabilities in the Web site of security firm McAfee, whose site has been found to have bugs several times before.

Other News

• Comodo Aftermath and Hacker Reveal
  The alleged hacker of Comodo stepped forward this weekend to explain how he generated bogus SSL certificates for login.skype.com, mail.google.com, login.live.com and other popular internet websites.
  • Comodo hacker out himself,claims “no connection to Iranian cyber army” – nakedsecurity.sophos.com
  • The Comodo hacker releases his manifesto – erratasec.blogspot.com
  • Interview with ComodoHacker – erratasec.blogspot.com
  • Verifying the Comodo hacker’s key – erratasec.blogspot.com
  • SSL meltdown: Mozilla admits mistakes in its information policy – h-online.com
  • Independent Iranian Hacker Claims Responsibility for Comodo Hack – wired.com
  • Comodo Hacker: Mozilla cert released – pastebin.com
  • Comodo Hacker releases Mozilla Certificate – news.netcraft.com
  • Comodo Says Two more Registration Authorities Compromised – threatpost.com

• Notes and Postmortems on the RSA Attack
  How did a hacker manage to infiltrate one of the world’s top computer-security companies?
  • The RSA Hack: How They Did It – bits.blogs.nytimes
  • Domain Used In RSA Attacks Taunted U.S. – krebsonsecurity.com
  • RSA Comes Out With More Incident Information, Yay – terminal23.net

• Hacker Groups Changes Millions of Passwords to “Password” – f-secure.com
  Passwords from over 3,000,000 user accounts were apparently set to “password” late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites.

• How do you stop piracy? Try giving hackers a job – computerandvideogames.com
  But is there a better way to tackle those gleefully infringing on publishers’ copyright than simply wielding the ban hammer?
• The Changing Wireless Attack Landscape – willhackforsushi.com
  Over the past couple of years we’ve seen a definite change in wireless hacking techniques and tools.

• Hacking A Freemium iOS App – reverse.put.as
  The iPad is a great product but it’s full of spyware and that sucks big time. One might argue that it’s not spyware, it’s just sending bits of information.
• Microsoft Hunting Rustock Controllers – krebsonsecurity.com
  Earlier this month, Microsoft crippled Rustock by convincing a court to let it seize dozens of Rustock control servers that were scattered among several U.S.-based hosting providers.
• Joanna Ruskowska Reveals Her Process For Security Research – resources.infosecinstitute.com
  In our ongoing series of interviews, Joanna Rutkowska answered a few questions and pulled back the curtain a bit on the methods, tools and motivation for the work she does.
• Android Malware Against Software Piracy – nakedsecurity.sophos.com
  The success of the Android platform is obvious from the number of applications, now over 300000, now available from the Android Market.