Archive for category security

Google privacy videos and privacy podcast

On the way to work this morning I was listening to the Silver Bullet podcast interviewing Dr. Lorrie Cranor (computer science professor at Carnegie Mellon). I recommend listening to this episode if you’re at all interested in privacy in the digital age and how it has been evolving, or more precisely, how society is reacting (or not reacting) to privacy in a new medium. There are some interesting studies about how well people can decipher privacy policies and how most companies keep their policies convoluted. An interesting mention is the idea of having privacy policies follow a “nutritional label” format, which would be great for a layman like myself to read :-)

Cranor helped create the P3P Standard: http://www.w3.org/P3P/ It’s been approved by the W3C and has even been supported in IE6-8.  Sadly, I don’t think many webmasters are aware of it.

Dr. Cranor also mentions how Google is making an attempt to clarify its privacy policy as folks start to wonder if Google can reach the point of too much information (Enemy of the State and Minority Report). Long story short, Google is creating videos with real people explaining the privacy policies of their different applications. Kudos to Google on this: http://www.youtube.com/user/googleprivacy

Malware authors: Best storage / hiding locations

Have you just injected a running process’s memory? In most cases, unless you’re an adept author and have written a rootkit, you want your malware to remain persistent via autorun, registry, startup, etc. Where do you store your persistent launcher? A clever idea would be to determine what AV the victim is running — if any :-) Once you determine which AV is running you should check whether or not any files or directories are excluded from scanning. If so, you’ve just found the perfect location for your loader.

Here’s what I’ve come up with so far:

AVG – Configuration files in binary format; No registry entries

Microsoft Security Essentials:  HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths

Trend: Check out these registry locations:

  • HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\;
  • HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Prescheduled Scan Configuration (ExcludedFile & Excluded Folder keys)
  • HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration (ExcludedFile & Excluded Folder keys)
  • HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Scan Now Configuration (ExcludedFile & Excluded Folder keys)

Here’s a Microsoft KB article about their recommended locations for exclusion: http://support.microsoft.com/kb/822158
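From the defender’s side, the same exclusion lists are exactly what you should be auditing: an excluded path that a standard user can write into is a blind spot for the scanner. As an added example (not code from the post or from Microsoft), this script reads the Security Essentials key listed above on Windows and flags exclusions that are user-writable, cover a whole drive, or use wildcards; the user-writable prefixes and the assumption that value names under that key are the excluded paths are this example’s own.

```python
"""Audit anti-malware exclusion paths for entries that weaken the scanner."""
import re
import sys

# Assumed list of location prefixes a standard (non-admin) user can write to.
USER_WRITABLE = (
    "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
    "%temp%", "%appdata%", "%localappdata%", "%userprofile%", "%public%",
)

def classify_exclusion(path):
    """Return the reasons an exclusion path is risky (empty list = looks fine)."""
    p = path.strip().lower().replace("/", "\\")
    reasons = []
    if re.fullmatch(r"[a-z]:\\?", p):          # "D:" or "D:\" excludes a whole drive
        reasons.append("excludes an entire drive")
    if "*" in p or "?" in p:                    # wildcards widen the hole
        reasons.append("wildcard exclusion")
    if any(p.startswith(prefix) for prefix in USER_WRITABLE):
        reasons.append("path is writable by standard users")
    return reasons

def audit_exclusions(paths):
    """Map each risky exclusion to its reasons; clean entries are dropped."""
    result = {}
    for p in paths:
        reasons = classify_exclusion(p)
        if reasons:
            result[p] = reasons
    return result

def read_mse_exclusions():
    """Enumerate the MSE key from the post; assumes value names are the paths."""
    import winreg  # Windows only, so imported lazily
    key_path = r"SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths"
    paths = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        i = 0
        while True:
            try:
                name, _data, _kind = winreg.EnumValue(key, i)
            except OSError:          # no more values
                break
            paths.append(name)
            i += 1
    return paths

if __name__ == "__main__":
    if sys.platform == "win32":
        found = read_mse_exclusions()
    else:  # constructed sample so the audit can be exercised off Windows
        found = ["C:\\Program Files\\DB\\Data\\", "C:\\Users\\Public\\tools\\", "D:\\", "%TEMP%\\*.exe"]
    for path, reasons in audit_exclusions(found).items():
        print(f"{path}: {'; '.join(reasons)}")
```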

Quickly assess your PHP infrastructure security: PHPSecInfo

From their homepage: PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Combine this tool with my ‘Assault on PHP Applications’ blog entry and this recent ‘Web Security’ article and you’ll be a fairly competent web pen-tester.

National Security Agency recruiting

I’ve been reading Steven Levy’s Crypto, which gives a nice history of public cryptography (vs. private crypto, which has been around much longer) and follows Whit Diffie, at least in the chapters I’ve read so far. I will post a full review once I finish the book. In the meantime, Levy mentions the NSA’s involvement with the creation of the Data Encryption Standard (DES) and its pressuring IBM to reduce the key size to 56 bits.
The book really has me wondering where and how the NSA is recruiting such top talent (mathematicians, scientists, engineers). I’ve been scouring the web and haven’t been able to find much information. I find it hard to believe that the NSA sits back and waits for top talent to approach it. I’m thinking of the usual nerd stereotype: Asperger’s and introverted. I just can’t imagine these folks dying to work for the government in a stuffy cubicle from 08:00-17:00.

I came across one well-documented account of someone’s experience with the actual NSA interview process: http://www.fas.org/irp/eprint/nsa-interview.pdf Unfortunately, he was not accepted.

I know nowadays the NSA appears at college career fairs and can even be found on Facebook. However, what was the process 50 years ago during the height of the Cold War?
Is the NSA secretly recruiting? Monitoring doctoral dissertations and white papers and then approaching the authors? I’ve heard from folks that the three-letter agencies have plants on college campuses watching for potential rising stars.

The private sector may be winning over candidates because of the salary gap.  However, the NSA still has the allure of the best technology, biggest budget, and access to the most information (beat that Google!).

Security news, feeds, and alerts

I found a comprehensive list of security news[letters], feeds, and alerts here: http://www.gideonrasmussen.com/news-alerts.html It’s definitely worth checking out, as I found a few lists that I wasn’t aware of.

FYI – Here’s my personal list of favorites (in no particular order):

Pay to have your neighbor’s wireless cracked

I just found this article about a new service run by Moxie Marlinspike (of sslsniff fame). He has created WPA Cracker, which uses the cloud (his 100-CPU quad-processor cluster) to crack WPA and WPA2 (PSK only) handshake captures. So for $17 and the handshake capture you should have your password within 20 minutes.

Related: Using airodump-ng to capture the authentication handshake.

Update: Search engines with best privacy policy

I previously posted about search engine Ask.com’s AskEraser privacy feature. After reading this article from the Electronic Frontier Foundation (EFF), Several Facts about Google and HTTPS, I learned about the ixquick search engine, which appears to have an even better privacy policy.

ixquick highlights:

  • doesn’t record your IP address
  • creates NO unique cookie IDs
  • privacy data deleted within 48 hours
  • uses POST instead of GET requests to further mask search data
  • EU endorsed (and EU has some of the best privacy laws in the world)

On a side note, here’s the 2005 CNET article where Google was used to discover several personal details about Google CEO Eric Schmidt.

Pen Testing 101 Presentation

PaulDotCom has an excellent penetration testing presentation covering your six primary tools: nmap, nessus, hydra, pass-the-hash, metasploit, and cain & abel. Check it out here: http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf

Secure your machine…Whitelist

I previously talked about a blacklisting method to reduce the number of ssh brute force attempts against your machine. In theory a blacklist never ends, which is why people are screaming ‘whitelist’ today. If you’re not ready to deny all, and not absolutely sure which IP you’ll be riding in on (back to home base), then you may want to take a look at the options below…

Most brute forcing today usually comes from Asia or Eastern Europe — blocking continents (if you can get away with it) is great practice. Below are some links where you can copy & paste problematic IP ranges into your .htaccess or hosts.deny file…

Apache .htaccess block format

Country IP Blocks – choose a country and select the output in many formats (CIDR, hosts.deny, etc)
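As an added example (not the post’s own code, nor the linked sites’), here is a small Python script that turns a list of CIDR ranges into both formats the post mentions, and lets you check that the address you’ll be riding in on is not inside one of the ranges before you deploy. The ranges are constructed; the Apache output uses the 2.2-era “Deny from” syntax, and the hosts.deny IPv6 “[net]/prefix” form is assumed to be supported by your tcp_wrappers build.

```python
"""Convert CIDR block lists to Apache .htaccess and tcp_wrappers hosts.deny."""
import ipaddress

# Constructed sample input: one CIDR per line, blanks and '#' comments allowed.
SAMPLE_RANGES = """
# constructed example ranges (documentation prefixes, not real attackers)
192.0.2.0/24
198.51.100.0/25   # trailing comments are fine
2001:db8::/32
"""

def parse_ranges(text):
    """Parse CIDR lines; a line with host bits set raises ValueError (strict)."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def to_htaccess(nets):
    """Apache 2.2 .htaccess: default allow, deny each listed range."""
    lines = ["Order Deny,Allow"]
    lines += [f"Deny from {n.with_prefixlen}" for n in nets]
    return "\n".join(lines) + "\n"

def to_hosts_deny(nets, daemon="sshd"):
    """hosts.deny line: IPv4 as net/mask, IPv6 as [net]/prefixlen."""
    entries = []
    for n in nets:
        if n.version == 4:
            entries.append(f"{n.network_address}/{n.netmask}")
        else:
            entries.append(f"[{n.network_address}]/{n.prefixlen}")
    return f"{daemon}: " + ", ".join(entries) + "\n"

def is_blocked(ip, nets):
    """Pre-deployment check: would this address be locked out?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

if __name__ == "__main__":
    nets = parse_ranges(SAMPLE_RANGES)
    print(to_htaccess(nets))
    print(to_hosts_deny(nets))
    print("home IP 203.0.113.9 blocked?", is_blocked("203.0.113.9", nets))
```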

‘Analyzing Malicious Documents’ cheat sheet

Just saw this at the Internet Storm Center: Analyzing Malicious Documents Cheat Sheet. Some really great info covering Microsoft Office documents and PDFs. It mentions some useful tools to help with analysis and the general approach to follow depending on the type of document.