Week 20 in Review – 2012

Resources

• Mobile Threat Report, Q1 2012– f-secure.comIt’s time to publicly release our latest Mobile Threat Report, covering the 1st quarter of 2012. Our Q4 2011 report was quite popular and this new one for Q1 is even better. More content (and pages) for your reading pleasure.
• A closer look into the RSA SecureID software token– sensepost.comWidespread use of smart phones by employees to perform work related activities has introduced the idea of using these devices as an authentication token. As an example of such attempts, RSA SecureID software tokens are available for iPhone, Nokia and the Windows platforms.
• IPv6 Videos– isc.sans.eduWe are in the process of creating some videos to illustrate the impact IPv6 may have on your network. IPv6 may seem far away to you, and you may not have a plan to implement it. However, modern operating systems will frequently enable IPv6 tunneling protocols by default. As a result, you end up with covert channels bypassing your perimeter protection. These videos will focus on this issue.

Tools

• Introducing EMET v3– blogs.technet.comWe are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) – EMET 3.0. EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution.
• TrueCrack Beta Brute-Force Password for TrueCrypt Released– code.google.comTrueCrack is a brute-force password cracker for TrueCrypt volume files. It works on Linux and it is optimized with Nvidia Cuda technology.
• quarkspwdump – windows credentials extraction– code.google.comQuarks PwDump is a native Win32 tool to extract credentials from Windows operating systems.
• Frogger 1.2 – VLAN Hopping Script– commonexploits.comIt saves manually sniffing packets, going through and noting down the VLAN IDs etc. It is a fast way to discover live devices within each VLAN ID. Let’s say you have 100 VLAN IDs it will take you some time manually find devices or VLANs of interest.

Techniques

• Reversing 101 – Solving a protection scheme– corelan.beIn this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme. You can find a copy of the challenge here: http://www.hackthissite.org/missions/application/app17win.zip Put simple, the program creates a key for your username, and compares it to the one you enter. This tutorial is not meant as a spoiler for HTS since for every username a dedicated password will be computed. This tutorial is purely written to allow you to understand how some (even real-life) protection schemes are implemented.
• Mallory MITM + FIX SSL Decryption– blog.opensecurityresearch.comIn this post I’ll cover how I approached testing this protocol and the tools I used to test it. I won’t be discussing the FIX protocol in much detail beyond what can be found on the FIX site or various FIX wikis on the net. This post will focus primarily on how to set up and configure Mallory to decrypt the SSL stream from a FIX-speaking thick client.
• CSS-Only Clickjacking– jsfiddle.netIf you click on any of the links below your click will be passed to a hidden Facebook Like button (Click) or a Twitter Follow button (Dont’ click) just below the links.
  The magic is done with a simple CSS rule set in the style of the overlaying element.
• From LOW to PWNED
  [9] Apple Filing Protocol (AFP)– carnal0wnage.attackresearch.comThe Apple Filing Protocol (AFP) is a network protocol that offers file services for Mac OS X and original Mac OS. In Mac OS X, AFP is one of several file services supported including Server Message Block (SMB), Network File System (NFS), File Transfer Protocol (FTP), and WebDAV.
• PHP 5.4 Win32 Code Execution– packetstormsecurity.orgPHP version 5.4.3 code execution exploit for Win32.

Vulnerabilities

• ElcomSoft Helps Investigate Crime Providing Yet Another Way to Break into iOS with iCloud Attack Advanced Password Cracking Insight– crackpassword.comElcomsoft Phone Password Breaker and Elcomsoft iOS Forensic Toolkit have been around for a while, acquiring user information from physical iPhone/iPad devices or recovering data from user-created offline backups.

Other News

• Popular Surveillance Cameras Open to Hackers, Researcher Says– wired.comThree of the most popular brands of closed-circuit surveillance cameras are sold with remote internet access enabled by default, and with weak password security — a classic recipe for security failure that could allow hackers to remotely tap into the video feeds, according to new research.
• Career Advice Tuesday – Why Info Sec Position Go Unfilled– infosecleaders.comBelow you will find the unedited version of my latest article for Tech Target/Search Security – Information Security Magazine. The article is designed to shed some light as to why companies have such a difficult time in filling information security roles.