Spam hotspot

Wardriving is practically extinct. It doesn’t make sense anymore to drive around looking for wireless hotspots, because that would be like using a complex GPS navigation system to find a Starbucks. There’s no need to search for it - it’s right around the corner!

Wireless hotspots are everywhere – from the local coffee shops trying to compete with Starbucks by giving away free wifi, through the motels that found themselves forced to provide free Internet to their guests, to the community-sponsored free hotspots in places like Palo Alto. Google announced plans to cover Mountain View with free hotspots, and suddenly you don’t even need a driving license in order to wardrive.

This is all a good thing, of course, because it means I can enjoy Panera’s excellent soup without missing this week’s PBF cartoon. But there’s one drawback to this situation - we lose traceability.

Right now whenever someone decides to set up a new kiddie porn site, whether it’s on a zombie machine or a “bullet proof” hosting server, that machine has a unique IP address that is traceable to a person. Typically, only the ISP that provides the actual network connection will know who the person or organization behind that IP is, but that’s usually enough. If it’s a serious offense such as kiddie porn or phishing, coordination between the ISPs and various security groups will get that machine shut down and, if necessary, the owner prosecuted. Traceability exists in the sense that every IP identifies an ISP who can match {IP, timestamp} with a paying user. This will not be the case with free wifi hotspots.

With free wifi, there’s no authentication. Even if there were, as long as there’s no payment, the authentication is worthless.
Consider the following situation. I go to my favorite Café, order a tall Latte and post an anonymous note in a forum threatening to kill my teacher. In a typical scenario, the police could trace my IP from the forum logs, go to my ISP and ask for my address. But the IP that appears in the forum belongs to the wireless router used in the Café. Even in the unlikely situation where logs are kept, all the Café has is my internal address and my MAC address. I might even be there when the police come – drinking my coffee and connecting to other web sites. They’ll have a hard time tracing my machine without triangulation hardware, and if I bought a new Wifi card at Fry’s, my MAC address will be different and then I have really disappeared off the map.

Now consider this on a larger scale. Let’s say I buy a mini-Mac, find my nearest Panera and place the mini-Mac some place where it won’t stand out (tape it on the rear restaurant walls near the garbage cans?) and use the wireless connection to send out kiddie porn pictures to a mailing list, or just plain spam. Even when somebody traces my machine back to Panera, it will be difficult to find the computer without sophisticated hardware. Even when it’s found, all I lose is the machine – it will never be traced back to me.
Easier and more reliable than using a zombie. Only a few hundred dollars to set up, no monthly fee (and no roaming charges, but I digress).
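To make the traceability gap concrete, here is an added example (not part of the original post) that follows a {public IP, port, timestamp} seen in a forum log as far as a hotspot's own records allow. The NAT translation log, the DHCP lease log, the subscriber mapping and the addresses are all constructed for illustration, and the log formats are assumptions rather than any real router's output. At an ISP the public IP resolves to a paying subscriber; at a free hotspot that subscriber is the café, and the café's logs at best end at an internal address and a MAC.

```python
"""Added example (not from the original post): how far a free hotspot's own
logs can trace a request back, compared with an ISP. Every log line, address
and account name below is constructed for illustration; the log formats are
assumptions, not any real router's output."""
from datetime import datetime, timedelta

# Constructed NAT translation log of the cafe router:
# <timestamp> nat <public ip>:<public port> <- <internal ip>:<internal port>
NAT_LOG = """\
2005-11-14T10:02:11 nat 203.0.113.7:40011 <- 192.168.1.23:51234
2005-11-14T10:05:40 nat 203.0.113.7:40012 <- 192.168.1.41:51900
"""

# Constructed DHCP lease log: <timestamp> lease <internal ip> <mac> <seconds>
DHCP_LOG = """\
2005-11-14T09:50:00 lease 192.168.1.23 00:11:22:33:44:55 3600
2005-11-14T09:58:30 lease 192.168.1.41 66:77:88:99:aa:bb 3600
"""

# What the ISP can match: the public IP belongs to a paying subscriber,
# which for a hotspot is the cafe, not the person who sent the post.
ISP_SUBSCRIBERS = {"203.0.113.7": "cafe-business-account (constructed)"}

NAT_WINDOW = timedelta(minutes=10)   # assumed lifetime of a translation entry


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def parse_nat(text):
    """Yield (ts, public_ip, public_port, internal_ip) from NAT_LOG lines."""
    for line in text.splitlines():
        ts, _, public, _, internal = line.split()
        pub_ip, pub_port = public.split(":")
        yield parse_ts(ts), pub_ip, int(pub_port), internal.split(":")[0]


def parse_dhcp(text):
    """Yield (start, end, internal_ip, mac) from DHCP_LOG lines."""
    for line in text.splitlines():
        ts, _, ip, mac, secs = line.split()
        start = parse_ts(ts)
        yield start, start + timedelta(seconds=int(secs)), ip, mac


def trace(public_ip, public_port, when, nat_log=NAT_LOG, dhcp_log=DHCP_LOG):
    """Follow {public IP, port, timestamp} as far as the available logs allow."""
    when = parse_ts(when)
    result = {"isp_subscriber": ISP_SUBSCRIBERS.get(public_ip),
              "internal_ip": None, "mac": None}
    # Step 1: NAT log -> which internal host held that public port at that time.
    for ts, pub_ip, port, internal_ip in parse_nat(nat_log):
        if pub_ip == public_ip and port == public_port and ts <= when <= ts + NAT_WINDOW:
            result["internal_ip"] = internal_ip
            break
    # Step 2: DHCP log -> which MAC held that internal address. The trail ends
    # here: a MAC is not tied to a person, and a new card gives a new one.
    if result["internal_ip"]:
        for start, end, ip, mac in parse_dhcp(dhcp_log):
            if ip == result["internal_ip"] and start <= when < end:
                result["mac"] = mac
                break
    return result


if __name__ == "__main__":
    print(trace("203.0.113.7", 40011, "2005-11-14T10:03:00"))
```

Run as a script it prints the one hop a hotspot can provide: an internal address and a MAC, with the subscriber field naming the café rather than the poster. Without the café's NAT and DHCP logs (the usual case) the result carries nothing beyond the subscriber.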

I’m not sure how to solve this problem without completely shutting down free wifi access the way it is today – and I really wouldn’t want to see that happen. Maybe it’s one of the risks that arise when new technology comes into play.

SETI Worm Spotted In the Wild

This isn’t a joke: someone out there really believes that it’s necessary to quarantine the SETI efforts in order to avoid malicious ETI trying to hack our systems.

My take on it is let’s first stop all our THackers (Terrestrial Hackers), then move on to ETI Hackers :)

Elmo Got Hacked

The cute device Knows Your Name Elmo has recently been hacked to say bad things such as ELMO EAT WHALE AND SEAL.

I am sure this isn’t a Sesame Street approved sentence :)

For now the hacking of the device is pretty crude, and many details on its inner workings are still missing, but with time the customization options on this device are bound to become available.

I am waiting for a coffee making device that will do my bidding, but an Elmo coffee making device would also be great :)

More details at this link.

First Trojan using Sony DRM spotted

As reported by The Register, the first Trojan that exploits the previously discussed Sony rootkit has been spotted in the wild.

This comes shortly after a turbulent week for Sony, as they were hit with two lawsuits: one from an EFF-like group in Italy and a class action in the state of California. Both lawsuits claim that Sony infringes on customers’ privacy without informing them of this possibility when they play their music CDs.

I am sure we will see more about this. My guess is that even though Sony was the first to get a lot of press on their use of rootkits to protect their IP, other cases will now come to light as people start looking for the patterns of rootkit behavior in other products.

HTTP PUT Malware

Q:

Hello -

I’m assessing the vulnerability of a web service application, and have been trying to find out whether this sort of scenario is possible, and if so, what to do about it.

Is there any sort of malware that could be installed on a user’s PC, such that it would intercept non-browser based HTTP requests (consisting of data to be PUT), send this data to a site run by the malware authors, and then issue the PUT to the intended web site? The effect being that the data is sent to the correct web site, but a copy is also sent to another location, unbeknownst to the user.

If this is possible, would HTTPS circumvent this?

I’ve searched and searched but cannot find anything addressing this.

A:

Hi,

What you are describing sounds like a Proxy server. In essence, proxies receive requests made by the user, send them to their original destination, receive the response from the destination and redirect that response to the user.

The use of PUT requests to implement this is the first time I have heard of it, however it is not something that would be impossible to do.

For Proxy servers - HTTPS might trigger a warning on the part of the proxy as the certificate of the web site being accessed would be different from that of the proxy server from which you are receiving the HTTPS traffic back.

For Malware - As no traffic is being sent to the real destination, HTTPS or HTTP would make no difference. In both cases your traffic is being modified and possibly manipulated. Mozilla/IE may or may not detect this manipulation, I cannot be certain.
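The answer's point about HTTPS is that an interposed proxy has to present its own certificate, which a verifying client can notice. The following is an added example, not code from the question or the answer: it issues an HTTPS PUT with the Python standard library, verifies the chain and hostname, and additionally compares the server certificate to a pinned SHA-256 fingerprint before any data is sent. The host, path and pin values are assumptions to be replaced with the real service's.

```python
"""Added example, not code from the question or the answer above: issue an
HTTPS PUT while verifying the server's certificate chain and hostname, and
additionally comparing the certificate to a pinned SHA-256 fingerprint. The
host, path and pin values are assumptions to be replaced with your own."""
import hashlib
import http.client
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_ok(der_cert: bytes, pins) -> bool:
    """True when the presented certificate matches one of the expected pins."""
    return fingerprint(der_cert) in set(pins)


def verifying_context() -> ssl.SSLContext:
    """Default context: verifies the chain against the trust store and the hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


class UnexpectedCertificate(Exception):
    """Raised when the server certificate is valid but not the one we pinned."""


def pinned_put(host, path, body: bytes, pins, port=443, timeout=10):
    """PUT body to https://host/path, refusing to send anything if the
    certificate does not match a pin. Returns (status, reason)."""
    conn = http.client.HTTPSConnection(host, port, context=verifying_context(),
                                       timeout=timeout)
    conn.connect()                      # TLS handshake; chain and hostname checked here
    der = conn.sock.getpeercert(binary_form=True)
    if not pin_ok(der, pins):
        conn.close()                    # nothing has left the client yet
        raise UnexpectedCertificate(f"{host} presented {fingerprint(der)}")
    conn.request("PUT", path, body=body,
                 headers={"Content-Type": "application/octet-stream",
                          "Content-Length": str(len(body))})
    resp = conn.getresponse()
    status, reason = resp.status, resp.reason
    resp.read()
    conn.close()
    return status, reason


if __name__ == "__main__":
    # Assumed values: replace with the real service host and its pinned fingerprint.
    EXPECTED_PINS = {"<sha256 hex of the service certificate, placeholder>"}
    print(pinned_put("service.example", "/upload", b"payload", EXPECTED_PINS))
```

A pin catches an intermediary in the network path even when its certificate chains to something the machine trusts, which ordinary verification alone would accept. It does not help with the question's scenario where the malware is on the user's own PC: code that already controls the client process can read the data before it is encrypted, which is the limit the answer states when it says HTTPS or HTTP would make no difference.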

Wired presentation on buffer overflows

Wired has put up a Flash-based presentation on how buffer overflows work on their web site as part of their look into History’s Worst Software Bugs; the presentation is available from here.

The only question I have for this flash presentation is where do I get that cool burglar mask :)

The one that does not learn

There is a web site of an open source project that keeps on getting defaced (I’m not going to write its name, btw). The site itself is hosted by a content provider that, as far as I know, does so in the spirit of open source.

The site itself is hosted with other web sites on the same server (it uses Virtual Hosts), therefore all that is required to deface every web site on the server is a security bug in one of the virtual hosts.
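The check an administrator of such a shared server would want is whether the account the web server runs as can write into any virtual host's document root, since that write access is what turns one vhost's bug into a defacement of all of them. Here is an added example (not from the original post) that walks a set of document roots and reports everything owned by, group-writable by, or world-writable to the web-server account; the uid and gids are parameters, and the directories built in demo() are constructed for the demonstration.

```python
"""Added example (not from the original post): audit the document roots of
several virtual hosts on one server for write access by the shared web-server
account, which is what lets a bug in one vhost deface the others. The web
user's uid/gids are parameters; the directories in demo() are constructed."""
import os
import shutil
import stat
import tempfile


def audit_docroots(docroots, web_uid, web_gids):
    """Return {path: [reasons]} for every file or directory under the given
    document roots that the web-server account could write to."""
    findings = {}
    for root in docroots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                st = os.lstat(path)      # do not follow symlinks out of the docroot
                reasons = []
                if st.st_uid == web_uid:
                    reasons.append("owned by web user")
                if st.st_mode & stat.S_IWGRP and st.st_gid in web_gids:
                    reasons.append("group-writable by web group")
                if st.st_mode & stat.S_IWOTH:
                    reasons.append("world-writable")
                if reasons:
                    findings[path] = reasons
    return findings


def demo():
    """Two constructed document roots: one with sane permissions, one left
    world-writable. uid/gid -1 are placeholders that match no real account."""
    base = tempfile.mkdtemp()
    try:
        safe = os.path.join(base, "site-a")
        loose = os.path.join(base, "site-b")
        os.mkdir(safe)
        os.chmod(safe, 0o755)            # explicit, so the umask does not decide
        os.mkdir(loose)
        os.chmod(loose, 0o777)
        findings = audit_docroots([safe, loose], web_uid=-1, web_gids={-1})
        return {os.path.basename(p): r for p, r in findings.items()}
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    # On a real server pass the vhost document roots and the uid/gids of the
    # account the web server runs as (for example from pwd.getpwnam and grp).
    for path, reasons in demo().items():
        print(path, ", ".join(reasons))
```

The goal state the audit checks for is that the web-server account owns nothing under a document root and has no write bit on it; files are owned by a separate deploy account and the server only reads them. Where an application genuinely needs a writable directory (uploads, cache), that directory is the one place the audit should report, and it should not be served as executable content.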

The defacement has happened at least 3 times now, and every time, I have offered my help, and every time it was declined.

When I gave them a suggestion on how to make the system less vulnerable, I was given excuses for not using the suggestion, and they went on using PostNuke and other flawed services.

One of their main excuses is time. They claim that it is a waste of time to find a better replacement for PostNuke. Another one is that even sites with static HTML are vulnerable, so they can’t be sure that PostNuke was responsible for the defacement.

A few other excuses were provided as well; one in particular made me angry: “OK, you found the vulnerability on my server, and the attackers used it to deface the web sites again before I solved the issue, what should I do then?” (I’m quoting from memory).

When will content suppliers learn that it’s easier to close known vulnerabilities than to avoid being hit by a car when you cross the road?

When will they stop giving excuses such as “I don’t have the time to make it better, but I do have time to fix the damaged pages over and over and over and over and over and over and over again and over again and over again and over again and over again and over again and over again and over again and over again and over again?”

IMHO the time you would spend on finding a better content management system is far better spent than the time you waste on fixing the same problems over and over again and again.

Burying your head in the ground is useful only to “Big Birds” that forgot how to fly and lost their wings, not to people who manage data and content.

The problem can be easily solved; all you need is to take a few steps. These steps are currently being pushed away by excuses.

Since I started writing this Blog entry, I also started getting some SPAM with viruses on the mailing list of the project in question. After some short research, I found out that I’m not the only one on the list. The list email addresses were harvested and after some further research (thanks to other users on the list), I found out that many zombies are located within the ISP, and these zombies are sending the emails in question. And to think that the administrator of the web site (and mailing list) told me that only the “index” page had been vulnerable to defacement…

Avian flu hits the Internet

All the excitement around bird flu may in the end lead to a virus epidemic - a computer epidemic. According to Panda Software some scam group has used the public’s fear of the Avian flu to spread a computer virus infection.

A new Trojan horse, dubbed “Navia.a” by Panda Software, uses subject heads of “Outbreak in North America” and “What is avian influenza (bird flu)?” to dupe recipients into opening an attached Microsoft Word document. That’s when Navia.a goes old school: the Word document is infected with malicious macros.

Sony, Rootkits and Digital Rights Management Gone Too Far

SysInternals has posted an interesting article on Sony’s DRM program, and how it appears that Sony has not only built support for DRM, but has also built a rootkit-like program to support their digital rights management scheme:

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden (see my “Unearthing Rootkits” article from the June issue of Windows IT Pro Magazine for more information on rootkits).