Posted on July 31st, 2005 by noam
Filed under: Gadgets, Culture | 1 Comment »
I recently came across someone on eBay, actually more than one, selling used and brand new ATM machines (not cheap): ATM Machine on eBay
In the same category of ATM machines you can see a lot of equipment used as Automated Teller Machines, not just what we call cash ATMs.
It appears that now someone went on and bought one such device and placed it (or hacked a similar device) during the recent DefCon event as can be seen in the following article:
http://www.hackaday.com/entry/1234000793052540/.
This ATM appears to have been “harmlessly” modified to take $2.00 off your credit account.
What next? Putting your credit card into the ATM machine and getting money back?
Posted on July 31st, 2005 by noam
Filed under: Microsoft | No Comments »
I recently wrote about New Attitude to Piracy and I mentioned that there is a way around the Microsoft Genuine Advantage by downloading a patched version of the program.
How far off I was; it appears that now all you need is JavaScript.
Yes, you heard it: JavaScript will let you bypass the Microsoft Genuine Advantage check. Here is how:
AV sez, “This week, Microsoft started requiring users to verify their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called ‘Genuine Advantage.’ It was cracked within 24 hours.”
Before pressing the ‘Custom’ or ‘Express’ button, paste this text into the address bar and press Enter:
javascript:void(window.g_sDisableWGACheck='all')
It turns off the trigger for the key check.
Posted on July 31st, 2005 by noam
Filed under: Privacy | No Comments »
Geoffrey Huntley recently purchased IBM RS/6000 E20 servers for about $20 AUD a server. He booted one up, logged on as the user root with the password root, and got access to the machine.
Instead of finding a clean slate, where all data was wiped, Geoffrey found a system packed with data. Stuck print requests, backup tapes still inserted inside the tape drive, emails, user settings (including passwords, telephone numbers, etc) and a lot of sensitive information that shouldn’t have left the government facilities.
In addition, the computer contained high level source-code for all of the ticket validation machines used on the Sydney transport network (buses and ferries).
Additional details on this matter can be found at: http://www.geoffreyhuntley.com/news/data-security-101/
Posted on July 31st, 2005 by Aviram
Filed under: Culture | No Comments »
You gotta love phrack. In its third incarnation, but as fresh as the first edition. From the Call for Papers:
As originally stated, Phrack strayed from its original purpose nearly 62 issues ago. Because of the irresponsible use of the Phrack forum, the commercialisation of hacking has been allowed to occur — neigh — encouraged. The old Phrack has been a long-time in dying. The past few issues have been coughing up blood (this could have been due to a severe case of industry rape). But now that death has come to the old Phrack, like Gene Gray, Phrack is reborn.
The sample article starts with a quote by Homer Simpson and describes the behind-the-scenes story of the break-in to Kevin Mitnick’s web site, a classic Phrack article by all means. Hopefully the full edition will be more technical and continue the Phrack spirit of interesting technical articles along with pure anarchistic fun.
Posted on July 31st, 2005 by noam
Filed under: Gadgets, Privacy, Full Disclosure | No Comments »
Imagine this:
You check into your hotel room, turn on the TV and hack your way into your next-door neighbor’s hotel account. You can now charge him for your movies (mostly p0rn^H^H^H^Hentertainment), charge him for room service, and basically live off his hotel account.
Sound fictitious? Complicated? Well, not as much as you’d expect. All you need, according to Adam Laurie, is
“… a laptop running Linux, an infrared transmitter and a USB TV tuner.”
One drawback is that:
“It could take hours to decipher the more than 16,000 possible codes a TV remote uses.”
But Laurie automated the process by using a program he wrote that analyzed and mapped all the possible codes in 35 minutes to see which ones were relevant for the system he was trying to crack.
Unfortunately :S Laurie doesn’t plan to release the program.
Posted on July 29th, 2005 by noam
Filed under: Microsoft | No Comments »
Sysinternals has posted an article showing how to turn off virtually all of Windows XP’s services and still get Internet Explorer to run smoothly. The immediate benefit of doing this is, of course, security, which we all love: no RPC to get you Blaster, no SMSS to get you Sasser, and so forth.
Is this going to get adopted by the security community? I believe so: you don’t really need file sharing if you are the only one on the network, you don’t need Remote Procedure Calls (RPC) if you are the only one who should run commands on your computer, and so on.
Posted on July 28th, 2005 by noam
Filed under: Full Disclosure | No Comments »
VeriSign has decided to respond to 3Com’s TippingPoint Zero Day Initiative by doubling whatever compensation vulnerability researchers receive.
Is this what consumers really want from VeriSign and 3Com? I believe paying for vulnerabilities was a bad idea to start with, but this only makes it worse. Why would someone publish a vulnerability in a piece of software if no one is willing to pay for it, as is the case for some not-so-frequently-used software? What will happen to that vulnerability? Will the bad guys not know about it just because it wasn’t worth the “effort” (money) of VeriSign and/or 3Com?
Time will tell what good will come out of these initiatives; my gut feeling is that it was a bad idea to start with.
Posted on July 28th, 2005 by noam
Filed under: Full Disclosure | No Comments »
Cisco has filed for a restraining order against Michael Lynn after he decided to go ahead, despite Cisco’s threat of legal action, and give a presentation at the Black Hat convention on a security vulnerability in Cisco’s router operating system (IOS). He discovered the vulnerability while employed by ISS.
During this presentation Mr Lynn also mentioned that this flaw in the Cisco IOS could expose the Internet to a crippling attack. The hole has already been fixed by software updates to Cisco routers.
The legal filing was made by both Cisco and Mr Lynn’s former employer, Internet Security Systems (ISS).
Cisco claims it is only trying to protect its intellectual property by stopping any further revelations about the software flaw. Mr Lynn said he left his job so that he could deliver his presentation to the Black Hat conference of computer security professionals on Wednesday 27 July.
By the way, Cisco is claiming that it is aware of the flaw and has patched it in recent software updates to its routers. But if this is true, why is it working so hard at filing a lawsuit?
Some additional information has arrived from xort but is yet to be confirmed: Mike’s outstanding research was going to prove that it is possible to spawn a remote connection of an IOS shell to a foreign host via heap overflows without having the router crash/reload IOS software. It is important that information like this be made public.
The complete presentation can be found at: http://www.jwdt.com/~paysan/lynn-cisco.pdf, http://md.hudora.de/archive/pub/lynn-cisco.pdf or http://cryptome.org/lynn-cisco.zip
Posted on July 27th, 2005 by noam
Filed under: Microsoft, Law | No Comments »
Microsoft has shifted its attitude towards piracy. Instead of trying to crack down on it by putting people in jail (mostly using the BSA) and stopping them from being able to use it (via Activation), Microsoft is now trying to convince owners of pirated Windows to buy a legitimate copy of Windows by denying them free software downloads.
One such program is Microsoft’s Anti-Spyware tool, which is currently free to anyone but soon (once it’s out of beta) will be available for free only to those who have a legitimate copy of Windows.
How does Microsoft know that you have a legitimate copy, you ask? Well, they use a nifty little ActiveX/EXE called Microsoft Genuine Advantage that checks your serial key against their database of serial keys, and if it is a legitimate serial key you are given an authenticity number to give back to the Microsoft web site which in turn will give you access to the download page.
As always with software piracy, shortly after the release of Microsoft Genuine Advantage the program was cracked, and you can “now” get an authenticity number even if you are not using a legitimate copy of Windows.
However, even if this scheme is bypassed using a cracked version of the Microsoft Genuine Advantage tool, it still marks a shift in the way Microsoft handles piracy. I truly believe pirates will understand what they lose if they don’t buy a legitimate copy once programs like these become more common; it is very similar in concept to buying a stolen copy of an antivirus program but never being able to update it because it is stolen.
Posted on July 27th, 2005 by Aviram
Filed under: Law | 1 Comment »
The security ‘honeypot’ concept is very well known: place bait for an attacker and collect information about them (exploit code in use, IPs they connect from, legal proof to be used in court).
Security concepts sometimes ‘leak’ into the physical world, and that’s when it gets fun.
The Canadian police place bait cars equipped with a video surveillance unit and a location beacon. The unfortunate criminal who chooses to steal the car shortly finds the police behind him.
Go Canada! That’s the way to do it.
Posted on July 27th, 2005 by Aviram
Filed under: Full Disclosure | No Comments »
Georgi Guninski found a vulnerability in VIM that allows an attacker to create a file that, when opened in vim, executes commands.
The problem is, I can’t tell you about the vulnerability. Why? Because Georgi explicitly forbids vulnerability databases (such as our own SecuriTeam.com) from quoting the advisory or even parts of it.
Georgi is a bright guy. He found a security hole in qmail, which is objectively a very impressive task (considering the qmail security bounty, and the length of time since anyone found a bug in the qmail code). He has a long record of finding vulnerabilities in products all over. But there’s obviously a chip on his shoulder.
I don’t think we ever communicated with him directly, so I’m not really sure what’s bothering him - maybe one of the vendors (Microsoft?) mistreated him. Maybe CERT, SecurityFocus or some other “vulnerability databases” (as he calls them) did something to offend him. Maybe a combination of both. But whatever happened, he works very hard to ensure his research isn’t used by “[…] so called ‘vulnerabilities databases’ and securityfocus, microsoft, cert and mitre.”
His choice to limit the spread of his advisories means that most VIM users will never be aware that a virus writer could infect their system using a simple text file.
Of course, you can sign up to Georgi’s mailing list or frequent his web site, but I’m guessing not too many people do that, for the simple reason that not too many people have heard of Georgi, exactly because his advisories aren’t widespread.
Most people in the security field (perhaps like any other field) have egos and emotions, and we have to respect that. Smart people like Georgi tend to like doing things their own way, and we have to respect that too. But what Georgi is doing seems to be bad for everyone: for the VIM users who will never know there’s a vulnerability, for the security portals (like us) who can’t tell our readers about these problems, and for Georgi himself, whose findings get very limited exposure (after all, I believe most security researchers work so that other people can see their research). This is a game where everybody seems to lose.
Posted on July 26th, 2005 by noam
Filed under: Spam | 1 Comment »
Read this title: “Russian Police Say Robbers Killed Spammer Kushnir” and think, why is this news?
Well… believe it or not, this item follows a previous item titled “Russian spammer found murdered”, which can cause anyone who receives tens, hundreds or thousands of SPAM emails per day to raise an eyebrow and think, is this the solution to SPAM? (Just to get the facts straight, it isn’t).
Posted on July 26th, 2005 by noam
Filed under: Gadgets | No Comments »
Gigabyte has come out with a card that takes normal DDR memory chips and “converts” them into a virtual SATA hard drive; they call it i-RAM.
As these memory chips lose their content if power is cut, the card comes with its own battery-powered power supply, which lasts 16 hours.
This sounds great; it will certainly make the computer run faster, though not as fast as Gigabyte might have wanted, because of the SATA limitation of 160Mb/s. It will also make the computer run notably quieter.
Can this also be used as a security device? Maybe a tamper-proof storage device that loses its contents if the computer is stolen… all you need to make sure of is that your office doesn’t lose power too often.
Posted on July 26th, 2005 by noam
Filed under: Full Disclosure | 1 Comment »
TippingPoint recently announced to the hacker community its Zero Day Initiative, under which it is willing to pay (big sums of money, I hope…), much like iDefense, for newly discovered vulnerabilities.
Does this mark the end of vulnerability disclosure as we know it? A market where knowledge of a vulnerability is controlled only by how much you are willing to pay? A market where you can get hacked because you haven’t paid TippingPoint but only paid iDefense?
I certainly hope not.
Posted on July 26th, 2005 by noam
Filed under: Gadgets, Privacy | No Comments »
I recently stumbled upon an article in eWeek, later picked up by a few other news agencies, that talks about how invisible ink might be used to identify the printer that printed a document, which in turn can be used to track the owner.
It appears that it is not some kind of hoax; the EFF has actually written a paper on this issue (Investigating Machine Identification Code Technology in Color Laser Printers), providing some samples, including a Canon CIR3200 screen shot.
The EFF has yet to uncover the method used to fingerprint the paper that would allow someone to know which printer printed the material; they do, however, promise to look into it further, and they ask people worldwide to send them additional printouts from the list of printers provided at the bottom of the paper.
Can you say 1984? Privacy issue?
Posted on July 25th, 2005 by noam
Filed under: Gadgets | No Comments »
I recently came across a description of a vulnerability in Windows’ USB device drivers that allows someone to plug a USB device into your computer and cause the Windows operating system to execute arbitrary code.
This is the stuff that spies live for. Imagine this:
Our agent infiltrates the facility impersonating someone from the cleaning personnel, goes to your Windows desktop, plugs in his custom-made USB device, waits for the green-light confirmation from the USB device, and unplugs it.
Nothing is left behind and nothing is traceable back to whoever did it. During this infiltration the USB device triggers a buffer overflow in the Windows kernel, causing it to download and execute an information-gathering backdoor on your computer.
Neat, huh?
This is no longer a thing of dreams: http://www.eweek.com/article2/0,1895,1840141,00.asp