You don’t hear this much but there’s an interesting article in defense of security theater.
We’re working on restoring the original System7 file archive. You can view what we’ve restored over at Files.System7. We’ve replaced the user/credit system with the ReCaptcha service: we don’t want to make users register (which no one likes), but we also want to protect ourselves from leechers, aka wget’ers.
If you haven’t heard how ReCaptcha works: not only does it block bots and spam, it performs a beneficial community OCR service at the same time. Every time you complete a captcha you’re also helping decipher a word that couldn’t be understood by a scanner (OCR). Currently your efforts are being used to help digitize old issues of the New York Times. Honestly, not sure how that helps the starving children of Africa…
With ReCaptcha you’re given 2 words in the captcha phrase: 1 is known and 1 is unknown. If you type the known word correctly, it assumes you also got the word that OCR could not interpret right. (The unknown word is actually given to multiple people, and they must all give the same answer for it to be accepted.) Read more about ReCaptcha here…
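To make the two-word scheme concrete, here’s a small model I put together of the idea described above. It’s an added illustration, not reCAPTCHA’s real code or API: the control word gates access, and only submissions that pass the control word get to vote on the unknown word, which is accepted once enough independent solvers agree. The threshold of 3 and the sample words are my own assumptions.

```python
# Added illustration of the two-word consensus scheme: a constructed model of
# the idea described above, not reCAPTCHA's actual implementation or API.
from collections import Counter, defaultdict

AGREEMENT_THRESHOLD = 3  # assumed: how many passing solvers must agree on an OCR word


def normalize(answer):
    """Compare answers case-insensitively and ignore surrounding whitespace."""
    return answer.strip().lower()


class ConsensusCaptcha:
    """Gate access on the known (control) word; harvest votes for the unknown word."""

    def __init__(self, threshold=AGREEMENT_THRESHOLD):
        self.threshold = threshold
        self.votes = defaultdict(Counter)  # unknown-word id -> transcription -> vote count
        self.resolved = {}                 # unknown-word id -> accepted transcription

    def submit(self, control_word, control_answer, unknown_id, unknown_answer):
        """Return True if the challenge is passed (control word matched).

        Only a passing submission counts as a vote for the unknown word, so a
        bot guessing blindly neither gets in nor pollutes the OCR data.
        """
        if normalize(control_answer) != normalize(control_word):
            return False
        if unknown_id not in self.resolved:
            tally = self.votes[unknown_id]
            tally[normalize(unknown_answer)] += 1
            word, count = tally.most_common(1)[0]
            if count >= self.threshold:
                self.resolved[unknown_id] = word
        return True


def demo():
    """Run a few submissions against one challenge; return (pass/fail list, resolved words)."""
    c = ConsensusCaptcha()
    results = [
        c.submit("morning", "morning", "scan-17", "Tribune"),   # passes, votes "tribune"
        c.submit("morning", "mourning", "scan-17", "Tribune"),  # fails control word: no vote
        c.submit("morning", "Morning ", "scan-17", "tribune"),  # passes, second vote
        c.submit("morning", "morning", "scan-17", "Tribute"),   # passes, dissenting vote
        c.submit("morning", "morning", "scan-17", "TRIBUNE"),   # passes, third agreeing vote
    ]
    return results, dict(c.resolved)


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is that the failed submission (wrong control word) contributes nothing, and a single dissenting transcription doesn’t block acceptance; it just doesn’t count toward the majority.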
I previously wrote about how you could get a knife on board a plane without first having it in your luggage or on your person. Now some folks have done a study and tested how lethal various “safe” objects are by using a dead pig (stabbing the pig’s neck and measuring blood loss). If that’s not enough, someone leaked a copy of the TSA’s Screening Standard Operating Procedures, which is out there on Wikileaks. There’s a great article titled ‘TSA: Worst Than Useless’ which I recommend everyone read.
It’s great the TSA employs people. But why not keep paying them and allow them to just stay at home? They inconvenience so many people and don’t provide any value; as Schneier says, it’s complete security theatre. I understand that unemployment is very high today in the United States (> 10%). Why not create something like the Tennessee Valley Authority and pay folks to work on public projects even if it’s picking up trash or beautifying state parks?
I previously posted about search engine Ask.com’s AskEraser privacy feature. After reading this article from the Electronic Frontier Foundation (EFF), Several Facts about Google and HTTPS, I learned about the ixquick search engine which appears to have an even better privacy policy.
ixquick highlights:
- doesn’t record your IP address
- creates NO unique cookie IDs
- privacy data deleted within 48 hours
- uses POST instead of GET requests to further mask search data
- EU endorsed (and EU has some of the best privacy laws in the world)
On a side note, here’s the 2005 CNET article where Google was used to discover several personal details about Google CEO Eric Schmidt.
PaulDotCom has an excellent penetration testing presentation covering your primary 6 tools: nmap, nessus, hydra, pass-the-hash, metasploit, and cain & abel. Check it out here: http://pauldotcom.com/TriplePlay-NetworkPenTestingTools.pdf
I previously talked about a blacklisting method to reduce the number of SSH brute force attempts against your machine. When you follow a blacklisting methodology, in theory it never ends, which is why people are screaming ‘whitelist’ today. If you’re not ready to deny all, and not absolutely sure which IP you’ll be riding in on (back to home base), then you may want to take a look at the options below…
Most brute forcing today comes from Asia or Eastern Europe — blocking whole continents (if you can get away with it) is good practice. Below are some links where you can copy & paste problematic IP ranges into your .htaccess or hosts.deny file…
Country IP Blocks – choose a country and select the output in many formats (CIDR, hosts.deny, etc)
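If you’d rather not paste hundreds of lines by hand, here’s an added script (mine, not from the site above) that takes a pasted CIDR list, merges adjacent ranges, and emits both the hosts.deny (tcp_wrappers) and .htaccess (Apache 2.2 Order/Deny) forms, plus a check you can run against your own IP before you lock yourself out. The sample ranges are constructed from RFC 5737 documentation space and don’t belong to any real country.

```python
# Added example: turn a pasted list of CIDR ranges into hosts.deny and .htaccess
# entries and check addresses against them. Constructed sample ranges (RFC 5737
# documentation space), not any real country's allocations.
import ipaddress

SAMPLE_CIDRS = """
# ranges as copied from a country-block list (constructed sample)
203.0.113.0/24
198.51.100.0/25
198.51.100.128/25   # adjacent to the block above: collapses into one /24
192.0.2.0/24
"""


def parse_cidrs(text):
    """Parse one network per line, ignore comments/blank lines, merge adjacent ranges."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def hosts_deny_lines(nets, daemon="sshd"):
    """tcp_wrappers syntax: net/mask for IPv4, [net]/prefixlen for IPv6."""
    lines = []
    for n in nets:
        if n.version == 4:
            lines.append(f"{daemon}: {n.network_address}/{n.netmask}")
        else:
            lines.append(f"{daemon}: [{n.network_address}]/{n.prefixlen}")
    return lines


def htaccess_lines(nets):
    """Apache 2.2 access-control syntax (mod_authz_host 'Order' / 'Deny from')."""
    return ["Order Allow,Deny", "Allow from all"] + [f"Deny from {n.with_prefixlen}" for n in nets]


def is_blocked(ip, nets):
    """Sanity check: would this address be refused? Run it on your own IP first."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)


if __name__ == "__main__":
    blocked = parse_cidrs(SAMPLE_CIDRS)
    print("\n".join(hosts_deny_lines(blocked)))
    print("\n".join(htaccess_lines(blocked)))
    print(is_blocked("203.0.113.9", blocked), is_blocked("8.8.8.8", blocked))
```

Merging adjacent ranges keeps the deny lists short (tcp_wrappers scans them on every connection), and the is_blocked check is the part that matters: test the address you’ll be coming home from before the file goes live.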
Just saw this at the Internet Storm Center: Analyzing Malicious Documents Cheat Sheet. Some really great info covering Microsoft Office documents and PDFs. It mentions some useful tools to help with analysis and the general approach to follow depending on the type of document.
GPS Forensics & Google Earth
Nov 26
I previously wrote about online GPS forensic references and wanted to put them to use. I had a suspicion that my girlfriend had been seeing another man. When she was at work I grabbed her GPS (Garmin Nuvi 205) and connected it via USB (don’t forget a write blocker). For Garmin models, the file you want to look for is “Current.gpx”.
Once I copied Current.gpx, I installed Google Earth. Earth actually imports several different GPS data/location file formats. It parsed all the recent destinations entered into the GPS and loaded them as waypoints. This makes it very convenient to find out where someone has been, where they might live (home location), etc. Think about all the applications, e.g. rental car GPS units.
If you don’t want to use Earth, you can open the gpx file in a text editor (it’s simple XML). You’ll be looking at latitude/longitude coordinates that you can plot yourself.
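Since the file is plain XML, here’s an added example of pulling the points out yourself so you can plot them with any tool. This is my own script, not something from Garmin or Google; the GPX document embedded in it is a constructed sample laid out the way a GPX 1.1 file is (namespace, wpt/rtept/trkpt elements), with invented names and coordinates. It skips entries whose coordinates don’t parse or are out of range, which you do see in files from a device that’s been unplugged mid-write.

```python
# Added example: pull the waypoints out of a GPX file without Google Earth.
# The sample below is a constructed GPX 1.1 document laid out the way a Garmin
# Current.gpx is; the names and coordinates are invented.
import csv
import io
import xml.etree.ElementTree as ET

SAMPLE_GPX = """<?xml version="1.0" encoding="UTF-8"?>
<gpx version="1.1" creator="constructed sample" xmlns="http://www.topografix.com/GPX/1/1">
  <wpt lat="38.8977" lon="-77.0365"><name>Home</name><time>2009-11-20T08:15:00Z</time></wpt>
  <wpt lat="40.7484" lon="-73.9857"><name>Office</name></wpt>
  <wpt lat="notanumber" lon="0"><name>Corrupt entry</name></wpt>
  <rte><name>Recent</name><rtept lat="39.9526" lon="-75.1652"><name>Stop 1</name></rtept></rte>
</gpx>
"""

POINT_TAGS = {"wpt", "rtept", "trkpt"}  # waypoint, route point, track point


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def parse_gpx(data):
    """Return (points, skipped): points as dicts, skipped as a count of malformed entries."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    root = ET.fromstring(data)
    points, skipped = [], 0
    for el in root.iter():
        if local_name(el.tag) not in POINT_TAGS:
            continue
        try:
            lat, lon = float(el.get("lat")), float(el.get("lon"))
        except (TypeError, ValueError):   # missing or non-numeric attribute
            skipped += 1
            continue
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            skipped += 1
            continue
        rec = {"kind": local_name(el.tag), "lat": lat, "lon": lon, "name": "", "time": ""}
        for child in el:
            if local_name(child.tag) in ("name", "time"):
                rec[local_name(child.tag)] = (child.text or "").strip()
        points.append(rec)
    return points, skipped


def to_csv(points):
    """Flatten to CSV so the coordinates can be plotted with any mapping tool."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["kind", "name", "lat", "lon", "time"])
    w.writeheader()
    w.writerows(points)
    return buf.getvalue()


if __name__ == "__main__":
    pts, bad = parse_gpx(SAMPLE_GPX)
    print(to_csv(pts))
    print(f"{bad} malformed entries skipped")
```

Matching on the local tag name rather than the full namespaced tag is deliberate: different firmware versions write GPX 1.0 or 1.1, and the namespace URI changes between them while the element names don’t.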
I’ve seen several folks wondering how to set up the De-Ice pentest environments in a virtual machine. It’s actually a fairly simple setup and I’ve included the steps needed below…
Here’s the config I used to get level 1 (1.100) working:
- Configure the De-Ice VM guest for Host Only networking
- Give the host’s virtual interface an address on the De-Ice subnet: “ifconfig vboxnet0 192.168.1.X” — X can be anything that’s not in use; vboxnet0 is the name of the host-only virtual interface (in this case I’m using VirtualBox).
- Add a host route on the host: “route add -host 192.168.1.100 dev vboxnet0” — this is the biggest problem for people; make sure your host is using the correct interface to reach De-Ice.
Here’s the config I used to get level 2 (2.100) working:
- Configure the De-Ice VM Guest for Host Only networking
- Give the host’s virtual interface an address on the De-Ice subnet: ifconfig vboxnet0 192.168.2.X
- Add a host route on the host: route add -host 192.168.2.100 dev vboxnet0
DD-WRT Rollback
Nov 19
I previously wrote about installing and using the alternative Linksys firmware, DD-WRT. Well, after running DD-WRT for about 5 months I’ve decided to roll back to the original Linksys firmware. Here’s my reasoning:
- My Linksys WRT54G v8 was only capable of running DD-WRT Micro. Micro has the fewest features of any of the DD-WRT releases (the Linksys doesn’t have enough NVRAM to store any more features/applications).
- iptables support was crippled in the DD-WRT Micro v24 build I was running. I wanted to set up a SPAN/mirror port, which was not possible (at least not for me). I’ll have to spend a few bucks now and buy a hub (if I can find one anywhere! No one seems to sell hubs…).
- DD-WRT was randomly forgetting all of its settings (port forwarding etc., which was causing me to lose all remote access to my machines). DD-WRT doesn’t run SSH at the Micro level and there’s no way I’m leaving telnet open publicly.
- DD-WRT was unreliable. I had to reboot it at least once a month because it would lock up and stop routing packets.
Has anyone tried OpenWRT?