October 2006

SCADA Watch: Hackers Penetrate Water System Computers

Fergie (Paul Ferguson) just sent this to funsec:

From the duh-its-a-bot-department!

Via ABC News’ “The Blotter”.

[snip]

A foreign hacker who penetrated security at a Harrisburg, Pa., water
filtering plant is under investigation by the FBI for planting
malicious software capable of affecting the plant’s water treatment
operations, ABC News has learned.

The hacker tried to covertly use the computer system as its own
distribution system for e-mails or pirated software, officials told ABC.

Old Internet Explorer Window Injection Vulnerability strikes IE7

First we had the Internet Explorer 7 “mhtml:” Redirection Information Disclosure issue, and then the Internet Explorer 7 Popup Address Bar Spoofing Weakness was reported.

The Window Injection issue was originally discovered by the Secunia Research guys back in November 2004. MSIE versions 5.01, 5.5 and 6.0 are still unpatched, and Mr. Per Gravgaard reported Internet Explorer 7 as affected today via the new SA22628 advisory.

The Microsoft Internet Explorer team had almost two years to fix the issue, but they didn’t.

The test link is located at the following URL:

secunia.com/multiple_browsers_window_injection_vulnerability_test/ 

RFIDIOt released RFID E-passport skimming PoC

Mr. Adam Laurie (UK) has recently posted demonstration code (Python) which

…will exchange crypto keys with the passport and read and
display the contents therein, including the facial image and the
personal data printed in the passport. Currently the data read is
limited to the following objects:

…..

The project site www.rfidiot.org (it stands for “RFID IO tools”) has other RFID passport-related material as well.

This week, with the reported vulnerabilities in first-generation RFID-enabled credit cards, has not been good news for RFID technology! This NBC Today video and YouTube demonstration video show the skimming attack, etc.

I’m not saying “Enjoy!”, I’m saying “Be careful!”