Posted on July 27th, 2007 by Juha-Matti
Filed under: Web, Commentary, Culture, Virus, Corporate Security | 1 Comment »
During the last few years several domains related to misspelled Microsoft.com have been registered, to advertise online casinos etc.
But now, the Web site vvindowsupdate.com has been registered.
Did you see the address windowsupdate.com when reading the sentence? You are not alone!
The Sunbelt guys are aware that the group behind the registration is affiliated with the infamous VxGame Trojan.
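The trick in vvindowsupdate.com is that two "v" characters render almost like a "w". The following is an added example, not code from the post or from Sunbelt, showing the defensive side: a small confusable-collapsing check that normalises a hostname into a visual "skeleton" and compares it against a list of protected domains, then runs that check over a few constructed DNS query log lines. The confusable tables, the protected domain list, the log format and the two-label "registrable domain" simplification are all assumptions made for this example.

```python
"""Lookalike-domain check for homoglyph typosquats such as vvindowsupdate.com.

Added example, not part of the original post. All tables and sample data below
are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

# Multi-character sequences that visually imitate one letter (constructed table).
MULTI_CONFUSABLES = {"vv": "w", "rn": "m", "cl": "d"}

# Single characters that imitate another; includes a few Cyrillic lookalikes (constructed table).
SINGLE_CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}

# Domains we want to protect against lookalikes (constructed list).
PROTECTED_DOMAINS = ["windowsupdate.com", "microsoft.com"]


def registrable(hostname: str) -> str:
    """Keep the last two labels (simplification: no public suffix list is consulted)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def skeleton(hostname: str) -> str:
    """Collapse confusable sequences and characters so lookalikes share one skeleton."""
    host = hostname.lower()
    for seq, repl in MULTI_CONFUSABLES.items():
        host = host.replace(seq, repl)
    return "".join(SINGLE_CONFUSABLES.get(ch, ch) for ch in host)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character typos like microsft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname: str, protected: List[str] = PROTECTED_DOMAINS) -> Tuple[str, Optional[str]]:
    """Return (verdict, protected_domain_matched).

    verdict is one of: legitimate, homoglyph, typo, unrelated.
    """
    domain = registrable(hostname)
    if domain in protected:
        return ("legitimate", domain)
    sk = skeleton(domain)
    for p in protected:                      # exact skeleton match: vv -> w, 0 -> o, ...
        if sk == skeleton(p):
            return ("homoglyph", p)
    for p in protected:                      # one edit away after collapsing confusables
        if levenshtein(sk, skeleton(p)) <= 1:
            return ("typo", p)
    return ("unrelated", None)


# Constructed DNS query log lines in an assumed "client=... q=..." format.
SAMPLE_DNS_LOG = [
    "2007-07-27T09:58:01 client=10.0.0.5 q=windowsupdate.com type=A",
    "2007-07-27T09:58:07 client=10.0.0.9 q=vvindowsupdate.com type=A",
    "2007-07-27T09:58:12 client=10.0.0.5 q=www.example.com type=A",
    "2007-07-27T09:58:20 client=10.0.0.12 q=micros0ft.com type=A",
]

LOG_RE = re.compile(r"client=(\S+)\s+q=(\S+)")


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (client, queried_host, verdict, protected_domain) for every suspicious query."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        client, host = m.groups()
        verdict, target = classify(host)
        if verdict in ("homoglyph", "typo"):
            hits.append((client, host, verdict, target))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("client %s queried %s: %s of %s" % hit)
```

Because both the candidate and the protected domain are reduced to the same skeleton, the check does not need a hand-written list of every possible misspelling; extending the two confusable tables is enough to cover new tricks.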
Posted on July 24th, 2007 by Aviram
Filed under: Commentary | No Comments »
Tomorrow blogs.securiteam.com will celebrate its second birthday. The first post (oddly numbered “2”) was written on July 25th, 2005, when we had only a rough idea of what we wanted the blogs site to look like, except that we wanted people with a passion for security to fill it with content that other people with a passion for security would like to read. Hopefully we’re on the right track.
Gadi, Sid, Noam and Juha-Matti all picked their favorite posts, highlighting some of my favorites as well. But if I had to pick one post that I especially liked and that reflects what SecuriTeam is about, I will go with Sid’s Accidental backdoor by ISP. The post has all the right characteristics: a full disclosure of a gaping security hole, that spilled over from the matrix into the real world when Sid’s account was disconnected by the offending ISP. Then The Register published the story and it turns out beThere was notified about this problem over a year before it was exposed by Sid - arguers for Full Disclosure couldn’t have planned it better themselves.
I have to admit, though, that in my favorite posts list there’s a close second, also by Sid, published only a short while ago. Foxnews to become a wiki has a similar full disclosure effect, with the added value of dino-kiddie-porn.
Let’s hope for another year of exciting security stories, full disclosure and just plain fun.
Posted on July 24th, 2007 by Juha-Matti
Filed under: Web, Commentary, Apple | No Comments »
The following Exploiting the iPhone video (1:20) has been posted to YouTube to demonstrate the recent MobileSafari vulnerability reported by Independent Security Evaluators.
The technical document is located here [PDF].
Posted on July 23rd, 2007 by Sid
Filed under: Commentary, Full Disclosure, Funny, Corporate Security | 4 Comments »
Foxnews.com has taken an unexpected turn and become an open wiki site. For more info see http://linuxinit.net/site/?id=664. Summary:
While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which there is a shell script. Seeing as it’s a shell script, and I use Linux, I took a peek. Inside is a username and password for an FTP server. So, of course, I tried to log in. The result? Epic fail on Fox’s part. And seriously, what kind of password is T1me Out? This is just pathetic.
http://www.foxnews.com/admin/xml_parser/zdnet/grab_zd_files.sh
And here’s something just too funny, something I hope will turn up on xkcd.com.

(originally located at http://www.foxnews.com/images/root_images/071907_velociraptor1.jpg, this is a mirrored copy)
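The root cause above is a shell script, reachable through a directory index, with FTP credentials written into it. As an added example (not code from the post, from Fox News or from linuxinit.net), here is a small scanner a defender can run over a web root or a repository to flag the usual ways a shell script embeds credentials, reporting each hit with the secret redacted so the report itself does not leak it. The sample script, the placeholder credentials and the hostname are all constructed for this example.

```python
"""Flag hard-coded FTP/HTTP credentials in shell scripts and report them redacted.

Added example, not part of the original post. The sample script below is
constructed; every credential in it is a placeholder.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    kind: str
    snippet: str  # the offending line with the secret replaced by ***


# Ordered list of (kind, pattern); the first pattern that matches a line wins.
PATTERNS = [
    # ftp://user:pass@host or http(s)://user:pass@host
    ("url-embedded-credentials",
     re.compile(r"\b(?:ftp|https?)://[^/\s:@]+:[^/\s@]+@", re.I)),
    # "user NAME PASS" inside an ftp -n here-document
    ("ftp-heredoc-user-line",
     re.compile(r"^\s*user\s+\S+\s+\S+", re.I)),
    # curl/wget invoked with an inline user or password flag
    ("curl-or-wget-user-flag",
     re.compile(r"\b(?:curl|wget)\b.*\s(?:-u|--user=?|--password=?|--ftp-password=?)\s*\S+", re.I)),
    # FTP_PASSWORD=..., export PASSWD=..., and similar assignments
    ("password-variable",
     re.compile(r"^\s*(?:export\s+)?[A-Z_]*(?:PASSWORD|PASSWD|PASS)[A-Z_]*\s*=\s*\S+", re.I)),
]


def redact(kind: str, line: str) -> str:
    """Replace the credential part of a matched line with *** so reports stay safe to share."""
    if kind == "url-embedded-credentials":
        return re.sub(r"(://[^/\s:@]+:)[^/\s@]+@", r"\1***@", line)
    if kind == "ftp-heredoc-user-line":
        return re.sub(r"^(\s*user\s+\S+\s+)\S+", r"\1***", line, flags=re.I)
    if kind == "password-variable":
        return re.sub(r"=\s*\S+", "=***", line, count=1)
    return re.sub(r"((?:-u|--user=?|--password=?|--ftp-password=?)\s*)\S+", r"\1***", line)


def scan_script(text: str) -> List[Finding]:
    """Scan one script's text; comments and blank lines are skipped."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for kind, pat in PATTERNS:
            if pat.search(line):
                findings.append(Finding(no, kind, redact(kind, stripped)))
                break
    return findings


# Constructed sample script in the style of a feed-grabbing job; values are placeholders.
SAMPLE_SCRIPT = """#!/bin/sh
# Constructed sample: pulls feed files from a partner FTP server.
FEED_HOST=ftp.example.invalid
FTP_PASSWORD=placeholder-secret
ftp -n $FEED_HOST <<EOF
user feeduser placeholder-secret
binary
get latest.xml
quit
EOF
curl -s -o headlines.xml ftp://feeduser:placeholder-secret@$FEED_HOST/headlines.xml
echo done
"""

if __name__ == "__main__":
    for f in scan_script(SAMPLE_SCRIPT):
        print("line %d [%s]: %s" % (f.line_no, f.kind, f.snippet))
```

Run over a directory tree, the same `scan_script` call applied to every `*.sh` file gives an inventory of embedded credentials that should be moved out of the web root and rotated; pairing it with a check that directory indexing is disabled closes both halves of the problem described in the post.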
Posted on July 23rd, 2007 by noam
Filed under: Commentary, Spam | 1 Comment »
Just weeks after we started getting PDF spam, this morning I received my very first DOC spam. The document spam talks about the usual “I am Barrister Musa Adams a Solicitor. I am the Personal Attorney to MR. Harry Edward Cook a national of your country, who used to work with CADBURY NIGERIA LIMITED, on the 21st of April 2004, my client, his wife and their three children were involved in a car accident along Shagamu Lagos Express Road.” which makes it very uninteresting, but unlike “regular” (non-DOC) spam of this sort, it doesn’t get filtered as documents aren’t currently being scanned for spam.
Now that we are done with PDF and DOC, what is left?
RTF?
Posted on July 21st, 2007 by Juha-Matti
Filed under: Web, Commentary, Culture, Virus, Physical Security, Interviews | No Comments »
Mr. Robert Lemos of SecurityFocus has released an IM interview with the Dream Coders Team - the Russian team behind the MPack kit.
Link:
www.securityfocus.com/news/11476
It’s really worth reading!
Posted on July 18th, 2007 by xyberpix
Filed under: Commentary, Full Disclosure, Apple, Virus | 1 Comment »
A security researcher going by the name of InfoSec Sellout has claimed to have found an undisclosed security vulnerability in mDNSResponder which he is claiming is remotely exploitable.
At present there is only a proof-of-concept worm that will leave a file on the system to prove that it’s been exploited, although apparently modifying the payload on this one is a trivial task. This has currently only been tested on Intel Macs, as the author does not have any PPC hardware at his disposal at present.
As yet, the author has not notified Apple about this one, as he does not want to give incomplete research results, but more importantly he is also waiting for compensation from unnamed sources, so this really is an interesting one.
I’m going to try and set up an interview with the author and see what other info he is willing to disclose.
Here are a few links on this one:
http://www.securityfocus.com/bid/24924
http://infosecsellout.blogspot.com/
Posted on July 16th, 2007 by SecuriTeam
Filed under: Commentary, Spam, Funny | No Comments »
1. Phish a Hotmail account.
2. Send email from the stolen account to all the friends listed for the person, saying you are stuck in Nigeria and are in an emergency, asking your friends for money to be wired.
http://www.rediff.com///news/2007/jul/16tps.htm
Hilarious!
(thanks Suresh)
Gadi Evron,
ge@linuxbox.org.
Posted on July 14th, 2007 by Aviram
Filed under: Commentary, Full Disclosure, Culture, Google, Corporate Security | 1 Comment »
Yeah, I hate sensational titles with little to no substance just like you do. But I guess at google corporate people are so used to dealing with titles in their search result and adsense products they forgot somebody has to write the content behind the “title” tag.
The sky is falling! So says google in the most content-less article I’ve read since Paris Hilton was released from prison. We can’t tell you how, or why, or how to fix it, or any really useful information besides the fact it is a problem in Java. But we’d really want you to know there’s a problem, or else we wouldn’t have released this information from the leak-proof google security team.
Is the vulnerability even real? Well, does it matter? Disclosing a vulnerability without details is the equivalent of the sound of one hand clapping (here’s an explanation for all you google guys. See, unlike you I try to explain myself).
By the way, I stumbled today on a vulnerability in the google search engine that allows me to take over every browser who visits google.com. Or maybe I didn’t. But feel free to tell zdnet about this phenomenal discovery. That, and my foolproof method to sleep with any woman on the first date (which I won’t disclose due to clear and imminent threat to the human race).
Posted on July 13th, 2007 by Juha-Matti
Filed under: Web, Commentary, Culture, Corporate Security | 2 Comments »
TippingPoint Technologies has released two alerts this week reporting vulnerabilities in the TippingPoint IPS.
The first issue is a signature evasion type issue reported by Paul Craig of Security-Assessment.com.
3Com’s Alert 07-003
(CVE-2007-3701)
The second one is a problem in the handling of fragmented packets.
Bypassing the intrusion prevention system is possible.
3Com’s Alert 07-002
(CVE-2007-3711)
But when looking into the disclosure timeline [pdf] of Andres Riancho of Cybsec Security Systems, the vendor had already been contacted on 6th February, 2006.
The updated TOS version was released on 4th July, 2007, i.e. last week.
I’m not saying 3Com is slow at fixing vulnerabilities; I think this issue was extremely difficult to resolve. Cybsec will “disclose technical details 30 days after publication of pre-advisory”. Let’s wait!
Posted on July 13th, 2007 by SecuriTeam
Filed under: Commentary, OT | No Comments »
This is a forwarded message from a mailing list I am on. I wrote about it on my fun blog, but figured it is cool enough to be sent here as OT.
From: Rick Moen
The ansible has been patented.
—– Forwarded message from Dan Fingerman —–
Date: Thu, 12 Jul 2007 18:04:18 -0700 (PDT)
From: Dan Fingerman
Subject: Patent for hyper-light-speed antenna
U.S. Patent No. 6,025,810 is titled “Hyper-Light-Speed Antenna”. It
claims an antenna that can send and receive information faster than
the speed of light.
The background of the invention is described:
All known radio transmissions use known models of time
and space dimensions for sending the RF signal.
The present invention has discovered the apparent existence
of a new dimension capable of acting as a medium for RF
signals. Initial benefits of penetrating this new dimension
include sending RF signals faster than the speed of light,
extending the effective distance of RF transmitters at the
same power radiated, penetrating known RF shielding devices,
and accelerating plant growth exposed to the by-product
energy of the RF transmissions.
The patent is available at:
http://www.google.com/patents?vid=USPAT6025810
http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6025810
Posted on July 12th, 2007 by dmitryc
Filed under: Commentary | No Comments »
HillBillySec is set for July 25. I won’t be there (or will I?), but I will plan on attending the August meetup. The meetings will be held at this pub. I hope to meet some of you at these meetings.
Peace,
!Dmitry
Posted on July 11th, 2007 by SecuriTeam
Filed under: Web, Commentary, Spam, Culture, Virus, Phishing, Corporate Security, Insider Threat, Botnets | 2 Comments »
In the past two weeks, ecards became a major threat.
Ecards (or electronic greeting cards) were always a perfect social engineering scheme, open for abuse. With the Storm worm and massive exploitation, I believe it has become prudent to filter out all ecard messages in your email systems.
Further, some training or awareness information on this subject distributed to your organizations could be very useful.
Gadi Evron,
ge@linuxbox.org
Posted on July 9th, 2007 by noam
Filed under: Commentary | 4 Comments »
With the new mobile phone by Neo Advanced I no longer see anything stopping people from doing GSM fuzzing (cheaply) or even attacking the GSM network as well as any infrastructure located on the GSM network. Until recently this kind of testing required (very) expensive hardware; now the Linux-based phone should solve it.
Update 1: It appears that the GSM drivers aren’t open sourced, so they cannot be easily used to fuzz, but if they aren’t “encrypted/protected” maybe you can use beSTORM’s API fuzzing?
Update 2: I mistakenly gave credit to OpenMoko instead of the phone in the title.
Posted on July 8th, 2007 by SecuriTeam
Filed under: Web, Commentary, Spam, Virus, Phishing, Corporate Security, Insider Threat, DDoS, Botnets, Networking | 2 Comments »
Syngress was kind enough to allow me to post the chapter I wrote for Botnets: The Killer Web Application here as a free sample.
It is the third chapter in the book, and requires some prior knowledge of what a botnet C&C (command and control) is. It is basic, short, and to my belief covers quite a bit. It had to be short, as I had just 5 days to write it while doing other things, and not planning on any writing, but it is pretty good in my completely unbiased opinion.
You can download it from this link:
http://www.beyondsecurity.com/whitepapers/005_427_Botnet_03.pdf
For the full book, you would need to spend the cash.
Enjoy!
Gadi Evron,
ge@linuxbox.org.