Archive for the 'Security' Category

07/22/2007

From The Daily News:

Internet spammers launched a widespread attack on e-mail inboxes this month. But instead of trying to lure users into opening a corrupted attachment, they’re concealing a computer virus in a link to an online greeting card.

This is news, because?! How old is this trick? Yes, it is true that mail administrators have seen a rise in the number of falsified online greeting card SPAM with attachments lately, but this is an old trick. I have been an admin and over a corporate network for almost 9 years now and have seen many similar attempts to exploit end users in the same manner. Now, because it happens repeatedly in a short period of time, these spammers are doing something new?!

No way… This is old school. Just thought I’d air that out there… A lot of news organizations are writing about this now and it just sort of struck me the wrong way.

I agree that we need to educate unsuspecting end users about the dangers of the Internet, but it just seems like the media is trying to stir up something that has been a known issue for years now. Sure, there are new people connecting to the Internet every day who think if they have an e-mail in their inbox every time they check it, it must be legit. But, come on. Report on some of the new stuff going on… Or, is there any?! Nobody knows!

Until next time…

04/16/2007

This post is the reason I posted my previous blog entry on installing the Metasploit framework on my Apple MacBook. Chris sent me a link to this movie showing someone exploiting a vulnerability in Microsoft’s Windows. The .ANI Header Stack Overflow vulnerability allows a remote attacker to send a malicious e-mail to an unsuspecting user with an unpatched Windows machine and gain remote shell access.

After Metasploit was installed on my MacBook, I followed the steps in the movie as they were shown and it worked like a champ. The recipient of the e-mail has to be viewing the e-mail in HTML. I was only able to exploit this vulnerability when using Microsoft Outlook or Microsoft’s Outlook Express e-mail clients when the client was set up to view messages in HTML. Either way, I gained access to one of my own machines using this exploit and it showed me just how easy it would be for someone with malicious intent to really wreak havoc on a novice or unsuspecting user.

I am impressed at the whole concept behind the Metasploit framework for exploiting known vulnerabilities and delivering payloads with basically the push of a button. The interface and command logic is easy to understand, for this exploit anyway, and I look forward to learning more about the framework, the exploits, and the payloads in the near future.

Until next time…

04/16/2007

I have known about the Metasploit framework for quite some time but have never really known how to use it or taken the time to learn. Recently, Chris inspired me to try it by showing me a movie explaining how to exploit a vulnerability in Microsoft Windows related to the .ANI Header Stack Overflow Vulnerability (more on this in my next post).

Before I could begin working with this nifty little exploit in Metasploit I had to get the framework installed on my MacBook. Metasploit is a suite of Ruby scripts and will run on virtually any Unix-based operating system and Windows (with some minor tweaking). I checked the MacPorts for Metasploit and it was available as a port install but the latest version in the ports tree was 2.7. I needed at least version 3.0, and later determined I needed a development version, version 3.1, from the trunk to get the exploit I was after.

The first thing I did was upgrade my Subversion client on Mac OS X. I got the universal binary from here and installing and upgrading my Subversion was pretty painless. It installed like most other Mac applications from a package.


04/04/2007

Lately, Chris and I have been rekindling our love of wireless technologies. We’ve been doing some wardriving and have also been messing around with WEP and WPA cracking again (see the notice at the bottom of this page). Chris has been able to successfully crack his WEP keys before using the tools available in the Aircrack Suite on Linux, Debian to be more specific. Now, me on the other hand, I’ve never been able to crack my WEP key.

My first attempts were flawed because I was never able to successfully patch the drivers for my ORiNOCO Classic Gold PCMCIA card under Fedora Core Linux. I needed to patch my drivers so I could put my card into monitor mode for use with Kismet or the Aircrack Suite.

Once I came back to the *NIX (Unix/Linux) world and reentered the game with FreeBSD, my Orinoco Classic Gold card was fully supported. I could put the card into monitor mode and whatnot but for some reason I could never get it working with Kismet. I then moved to a Linksys WPC55AG ver. 1.1 PC Card which uses an Atheros chipset and therefore was supported with the ath driver under FreeBSD. Now Kismet was happy, but guess what?! The full set of tools included in the Aircrack Suite wasn’t completely ported to FreeBSD… Tough break!

Here it is 2007 and I’m sporting a 13″ Apple MacBook. The best commercially supported Unix on the market, in my opinion. I’ve blogged about it before and I’ll reiterate it here again that KisMAC is an extremely nice application for keeping your eye on wireless activities. Well, I recently found out that it’s also an extremely powerful tool for attempting to crack WEP keys and that it also supports my newly acquired D-Link DWL-122 wireless USB stick for performing such tasks.

I have made two attempts to crack my AP’s WEP key and both have failed miserably. I’m not sure what is happening, but once I have gathered almost 30k packets and am injecting weak IV packets back into the mix, the application kind of locks up. It doesn’t lock up completely as it is still capturing data and injecting packets, but every option in the drop down menus of the application becomes disabled/grayed out. It makes it kind of hard to do anything else with the application since your hands are tied and you can’t even save your data, attempt a crack of some sort, or even exit the application properly.

So, I have ordered another KisMAC supported USB wireless NIC. I purchased 4 (I couldn’t pass up the price they were being sold at on eBay and they’re supported on Linux as well as Macintosh) Ashton Digital WRUB 2011i NICs. I only bought two items off of eBay but there are two NICs in each box. Hopefully, this is better supported in KisMAC as I read some documentation about some issues with the DWL-122… after I bought it of course.

Hopefully, once these new NICs arrive I will finally be able to crack my WEP key for the first time. I look forward to the day when I am able to do this on a platform of my choice and I don’t have to break down and run Debian like Chris just to be cool and crack my WEP key! Of course, there’s always virtual machines… Maybe I could run Debian in Parallels on my MacBook and crack WEP that way… It’d still be done “from a Mac”, right?!

Until next time…

Notice: No, we’re not trying to crack our WEP keys so we can learn to do something malicious to anyone else’s network. We’re merely interested in the technologies involved in cracking such keys and the fact that the “security” vendors are selling us is so easily penetrable. It’s research, ladies and gentlemen. That’s it!

03/27/2007

I first saw this nice little trick a year or so ago. A fellow admin and friend of mine, Tommy, used a Bluetooth® headset to automatically lock his Windows machine whenever he stepped away from his computer and his headset was no longer in range of his PC’s Bluetooth® dongle. I don’t remember how I stumbled upon this blog post yesterday, but I am glad I did. This post shows you how to implement a similar solution using an application called Proximity and some AppleScripts to achieve the same result.

The cool thing about this solution for the Mac is that the events that are triggered when the specified Bluetooth® device enters and leaves the Mac’s Bluetooth® proximity are AppleScripts. AppleScripts allow you to easily program for the Mac. AppleScripts are pretty much the same thing as shell scripts for any other operating system and command line environment, like batch scripts for Windows and Bash or C Shell scripts for Unix-based and derived operating systems like Linux and FreeBSD. Basically, with a solution like this, you aren’t tied to the developer’s ideas of what should happen when you step away from your machine. The ball is totally in your court and your goal is only limited by your creativity and your programming ability.
