Week 20 in Review – 2010

Resources:

• ReclaimPrivacy – reclaimprivacy.org
  This website provides an independent and open tool for scanning your Facebook privacy settings.
• McAfee Threats Report Released for First Quarter 2010 – avertlabs.com
  In it we reveal that USB worms have taken the No. 1 spot for malware worldwide!
• Interview by Eric Krapf of NoJitter on FBI Report of Telephony DoS Attacks – voipsecurityblog.typepad.com
  According to the FBI, scammers flood a victim’s phone number with phony calls while they’re also accessing that person’s account at a financial institution or other company.
• Q&A: HD Moore on Metasploit, Disclosure and Ethics – threatpost.com
  We conducted our third live chat this week, this one with HD Moore, the founder of the Metasploit Project and the CSO of Rapid7.
• Vulnerability Scanning Do’s And Don’ts – darkreading.com
  Take it slow and take one (or a few) step at a time, particularly when launching vulnerability scans or a new scanner for the first time.

Tools:

• SensePost J-Baah – sensepost.com
  If you’ve used CrowBar before, using J-Baah should be a breeze.
• Updated FreeRADIUS-WPE – willhackforsushi.com
  This tool still works very reliably for me, and it’s always a treat when a target wireless network is running PEAP or TTLS and I get to use it.
• Metasploit Framework 3.4.0 Released! – metasploit.com
  Since the last major release (3.3) over 100 new exploits have been added and over 200 bugs have been fixed.
• Introducing Metasploitable – metasploit.com
  Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image.
• Flint 1.1.0 Available – matasano.com
  A small number of changes have been introduced into Flint 1.1.0.
• DevBUG – Keeping track so you don’t have to – ethicalhack3r.co.uk
  It will be a search engine for software packages and their versions.

Techniques:

• OWASP ASVS – also good for architecture reviews – greebo.net
  I’ve just finished a job where I used OWASP’s Application Security Verification Standard as a light weight security architecture template.
• REVERSE(noitcejnI LQS dnilB) Bank Hacking – snosoft.blogspot.com
  While the automated scans didn’t find anything our manual testing identified an interesting Blind SQL Injection Vulnerability.
• Fun with printers.
  [part 3] – attackvector.org
  I had come across a program that was specifically designed to upload/download/append/etc. files to a printer that supported PJL.
• Man in the Middle Attack using Airbase-ng – attackvector.org
  The first way is to configure Airbase to listen for SSID probes and answer, regardless of the SSID name.
• Linux Vulnerability: sctp_process_unk_param & Scapy – attackvector.org
  Simply put, the vulnerability stems from someone coding something that allows user input, but doesn’t do the proper sanity checks.
• CDD.dll vulnerability: Difficult to exploit – technet.com
  Subsequently, the same vulnerability was encountered by participants of a different third-party image viewer forum.
• The wireless traffic of MIT students – ksplice.com
  Traffic was gathered with tcpdump on my laptop as I sat in the middle of the classroom.
• Burp Suite Tutorial – Scanner Tool – securityninja.co.uk
  I’m going to be using the Damn Vulnerable Web Application again today to demonstrate the Scanner tool.
• Fuzzing with Peach – nullthreat.net
  What I have found in my short time using is that it might be the most useful fuzzer I have used to date.
• Firewall fun with Scapy – attackvector.org
  Essentially, a firewall inspects packet headers and compares it to its policies.
• Testing Google Skipfish – h-online.com
  A first impression of Google’s Skipfish scanner for web applications.
• ENG + + (MS02-056) versus SNORT (SID: 11 264) – fnstenv.blogspot.com
  Today, a day after The Sheriff You Sh0t 4.0, we finally publish this video in this humble blog SDI.

Other News:

• New Tool Highlights Facebook Users’ Disregard for Privacy – readwriteweb.com
  The engine parses the data Facebook users have made public and allows it to be searchable outside the social network.
• Browser fingerprinting
  Some new research compiled by the EFF reveals your public browser data can be used to track your surfing habits.
  • Tracking Web users without using cookies – cnet.com
  • EFF: Forget cookies, your browser has fingerprints – networkworld.com
• Strengthening the Security Cooperation Program – technet.com
  We here at Microsoft understand that most governments are placed in unique positions when it comes to dealing with vulnerabilities within technologies.
• Modern car data systems lack security – hackaday.com
  They’ve even found a way to write malicious code to the car’s computer which can be programmed to erase itself in the event of a crash.
• U.S. Air Force gets 3,000 new ‘cyberspace officer – engadget.com
  That new title also comes complete with the impressive-looking badge pictured above, not to mention a full 115 days of additional training that promises to “raise the bar on technical competency.”
• Card selling marketplace hacked, forum database spread far and wide
  Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked.
  • Fraud Bazaar Carders.cc Hacked – krebsonsecurity.com
  • Vigilantes Hack Criminal Carding Forum and Expose Underground Dealings – wired.com
• Stolen web histories
  A study of 243,068 users found that 76% of them were vulnerable to history detection by malicious websites.
  • 76% of Web Users Affected By Browser History Stealing – slashdot.org
  • History stealing 2.0 – I know where you live – h-online.com
• FTC takes out notorious porn- and botnet-spewing ISP – networkworld.com
  The Federal Trade Commission today got a judge to effectively kill off  the Internet Service Provider 3FN who the agency said specialized in spam, porn, botnets, phishing and all manner of malicious Web content.
• Symantec To Buy VeriSign’s Authentication Business For $1.28 Billion – darkreading.com
  VeriSign will refocus business on Internet infrastructure, naming services.
• Survey Shows Most Flaws Sold For $5,000 Or Less – threatpost.com
  The survey asked researchers who have sold vulnerabilities to the public buyers as well as through private sales to rate the buyers on their trustworthiness, how quickly they paid, how much they paid and several other criteria.
• Security engineering: broken promises – zdnet.com
  For several decades, we have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software.
• AusCERT USB giveaways goes viral, and not in a good way
  Malware was spread by vendors given by vendors but fortunately they were easily defeatable.
  • Telstra distributes malware-infected USB drives at AusCERT – techtarget.com.au
  • IBM distributes USB malware cocktail at AusCERT security conference – sophos.com
• Office Security Engineering: BlueHat v9 Presentation – technet.com
  We don’t want a single bug in our parsing code to allow arbitrary code to harm a customer’s machine by doing things like installing a rootkit.
• WARNING: Facebook Clickjacking Attack Spreading Through News Feed – mashable.com
  Update: the domain from which the attack originates, fbhole.com, is now offline, which means the attack is over.
• Malware on Hijacked Subdomains. New Trend? – unmaskparasites.com
  The attack creates/modifies .htaccess files to redirect site visitors that come from major search engines and popular websites to scareware sites that aggressively push fake anti-virus software.