How to detect an ATM skimmer

I subscribe to the Privacy Rights Clearinghouse newsletter.  If you’ve not been to this site before and you’re interested in privacy, it’s a worthwhile bookmark.  They recently published their ‘Summer Vacation – Privacy Primer’, which has an interesting article on spotting ATM skimmers.  Skimmers are hard to detect; the best recommendation is to stick with cashing checks through a teller (or rely on your credit card if you have the self-control).  Personally, I’m guilty of believing I’m not at risk living in the suburbs; unfortunately it will take a come-to-Jesus moment (ahem, getting burnt) to slap some reality into me.

You can view the ATM Skimmer Awareness presentation here.

http://www.privacyrights.org/summer-vacation-privacy-identity-theft

Google betas SSL for web searches

According to this article in The H, Google is beginning to beta a new feature: SSL for its standard web search service. As one commenter noted, Google still collects the same information from your searches, but this limits third parties eavesdropping on your search queries. Remember that SSL doesn’t guarantee absolute privacy: there is Moxie Marlinspike’s work, the risk of untrustworthy intermediate CAs, and your employer loading its own trusted CAs onto your corporate devices.

Sourcefire’s “What would you do with a pointer and a size?”

The Sourcefire Vulnerability Research Team (VRT) has an interesting project related to near-real-time detection of malicious data passing through an ingress/egress point.  Specifically, they’re attempting to use this technology to detect malicious PDFs.  Unfortunately, right now you can’t scan the documents in real time without hurting the user experience.  The options would be to queue PDFs until they have been analyzed, or to remediate malicious PDFs after they have already passed through (recall and purge).  They’ve released their real-time framework and are looking for user snippets that perform detection of malicious data (think gluing some of Didier’s PDF analysis scripts together…).

*In case you’re unaware, Sourcefire is the maker of Snort IDS.

do you know where your pr0n is?

In 2008, Data Loss Prevention (DLP) was becoming the latest trend, hype, buzzword.  This slowed down in 2009, as with most technology, because everyone was tightening their belts (purse strings).  I’ve been wondering how long it was going to take for an open source DLP solution to take off.  Please correct me if I’m wrong, but it appears OpenDLP may be the first on the scene.  While still in its infancy (at a minor 0.2.1 release), it already has a web front end and a deployable agent for clients (monitoring data at rest).  It supports regular expressions, which should make it flexible.  Without the WYSIWYG policy builder you get with off-the-shelf products, you trade ease of use for power and flexibility.

So far I’ve only used a pilot of Symantec’s (formerly Vontu) DLP product for my employer.  I had a blast testing it out on the network, especially because of its flesh-tone filter (if flesh_tone_filter then email me pr0n).  It’s a shame we may not see flesh-tone filtering in OpenDLP any time soon; isn’t knowing where the pr0n is more important than the company’s lifeblood, intellectual property?
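To show what the regex-driven, data-at-rest scanning described above actually looks like, here is a small scanner I wrote for this post. It is not OpenDLP’s code, and the rule names, the sample files and the Luhn-checksum filter are my own assumptions about how such a policy would be built. The checksum matters: a bare card-number regex lights up on every 16-digit build id, so the example drops any hit that fails Luhn, and it masks what it reports so the report itself doesn’t become a second copy of the data.

```python
import re

# Constructed sample "files" standing in for data at rest on a client; not real data.
SAMPLE_FILES = {
    "notes.txt": "Call back re: order 4111 1111 1111 1111 before Friday.",
    "README.md": "Build id 1234-5678-9012-3456 is not a card number.",
    "hr.csv": "name,ssn\nJane Doe,123-45-6789\n",
}

# Regex rules in the spirit of OpenDLP's regex support (rule names are my own).
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(raw):
    """Keep only the last four digits so the report does not leak the data it found."""
    digits = re.sub(r"\D", "", raw)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text):
    """Return (rule, masked_match) pairs for one document."""
    hits = []
    for name, pat in PATTERNS.items():
        for m in pat.finditer(text):
            raw = m.group(0)
            if name == "credit_card" and not luhn_ok(re.sub(r"\D", "", raw)):
                continue        # looks like a card number but fails the checksum: false positive
            hits.append((name, mask(raw)))
    return hits


def scan_files(files):
    """Scan a mapping of path -> text and return only the paths that had hits."""
    report = {}
    for path, text in files.items():
        hits = scan_text(text)
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(path, hits)
```

Run it and only notes.txt and hr.csv show up; README.md’s 16-digit build id matches the regex but fails the checksum and is dropped. Swapping the `SAMPLE_FILES` dict for a walk over a real directory is the only change needed to point it at a disk.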

Apache’s breach disclosure and podcast interview

The Apache foundation has received a lot of praise from the security community recently for their uncensored disclosure of a recent breach.  (In case you missed the story, you can read Apache’s write-up of the incident here.)  This goes back to the security community lobbying for full breach disclosure, especially by the private sector, where we’re seeing it the least.  It’s the prisoner’s dilemma, and so far we’re all getting screwed.

That being said, Philip M. Gollucci from the Apache Infrastructure team did an excellent interview on the Eurotrash Podcast.  You can download the mp3 here.

http://blogs.apache.org/infra/entry/apache_org_04_09_2010

Analyzing Malicious PDF Documents

So you want to get your feet wet?

  1. Grab Didier Stevens’ PDF tools here: http://blog.didierstevens.com/programs/pdf-tools/
  2. Grab malicious PDF samples here: http://www.malwaredomainlist.com/mdl.php?search=pdf+exploit&colsearch=All&quantity=50 *Be careful, these are live samples!
  3. Video Tutorial: Didier on analyzing a PDF Document: http://www.youtube.com/v/tHVi2wKCkTc
  4. You’re going to run into some heavily obfuscated JavaScript.  Read this article: http://isc.sans.org/diary.html?storyid=2358
  5. Other deobfuscation tools: Malzilla, SpiderMonkey (you need to stub out document.write yourself), debugging via Rhino, and a Firefox add-on (haven’t tried this one).
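Before you open a live sample from step 2 in anything, it helps to know what a first-pass triage in the style of Didier’s pdfid actually does. The scanner below is my own example for this post, not Didier’s code: it counts the name keywords that matter (/JavaScript, /OpenAction and friends), normalises the #xx hex escapes PDF allows inside names (so /J#61vaScript is not missed), and also inflates FlateDecode streams so an action dictionary hidden inside a compressed object is still counted. The three sample documents and the final “suspicious” verdict rule are constructed by me and are not real malware or pdfid’s logic.

```python
import re
import zlib

# Name keywords worth counting on a first pass (a subset of what pdfid.py reports).
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile", b"/ObjStm"]

# PDF name objects may spell any byte as #xx, so /J#61vaScript is the same name as /JavaScript.
NAME_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data):
    return NAME_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data):
    """Count each keyword as a whole name (so /JS does not also count inside /JSFoo)."""
    data = normalise_names(data)
    counts = {}
    for kw in SUSPICIOUS:
        pat = re.compile(re.escape(kw) + rb"(?![A-Za-z0-9])")
        counts[kw.decode()] = len(pat.findall(data))
    return counts


def inflate_streams(data):
    """Return the decompressed body of every zlib (FlateDecode) stream; skip anything else."""
    blobs = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        d = zlib.decompressobj()
        try:
            blobs.append(d.decompress(m.group(1)))   # trailing EOL before 'endstream' ends up in unused_data
        except zlib.error:
            continue                                 # not zlib, or damaged: nothing to inflate
    return blobs


def triage(data):
    """Keyword counts over the raw file plus every inflated stream, with a simple verdict."""
    counts = count_keywords(data)
    for blob in inflate_streams(data):
        for key, n in count_keywords(blob).items():
            counts[key] += n
    # Verdict rule is my own heuristic, not pdfid's: active content that can fire automatically.
    active = counts["/JavaScript"] + counts["/JS"] + counts["/Launch"]
    auto = counts["/OpenAction"] + counts["/AA"]
    counts["suspicious"] = active > 0 and auto > 0
    return counts


# Constructed sample documents (not real malware): one clean, one with a hex-obfuscated name,
# one that hides its action dictionary inside a compressed stream.
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

OBFUSCATED = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (payload-placeholder) >> endobj\n"
    b"%%EOF\n"
)

HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (payload-placeholder) >>")
COMPRESSED = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /AA << /O 4 0 R >> >> endobj\n"
    b"4 0 obj << /Length " + str(len(HIDDEN)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + HIDDEN + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("obfuscated", OBFUSCATED), ("compressed", COMPRESSED)):
        print(label, triage(doc))
```

The point of the COMPRESSED sample is that a raw keyword count sees only the /AA and nothing else; the /JavaScript only appears once the stream is inflated, which is exactly why pdf-parser exists alongside pdfid.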

Podcast about ICANN, root dns servers, Chinese domination and more!

I try to catch the weekly NPR Technology podcast.  This week there’s an interesting segment about ICANN, VeriSign and their root nameservers, as well as China’s desire to wrestle control of the internet.  You can get the podcast here: http://podcastdownload.npr.org/anon.npr-podcasts/podcast/1019/126006147/npr_126006147.mp3

*You need to advance to 5:00 minutes into the podcast for this segment (unless you want to listen about Cuban bloggers).

Google & Privacy

Bruce Schneier recently posted an article about the erosion of privacy, specifically how the social networking sites are accelerating this “privacy decay.”  Along with the social networking sites he attacked, he threw in Google.  I just came across an interesting Forbes article where a Google engineer rebukes Schneier. You can find that article here: http://www.forbes.com/2010/04/12/privacy-facebook-gmail-technology-security-google.html

Two interesting tidbits in the article are Google’s privacy control pages which you may not be aware of:

  1. Google Dashboard – Control your Google privacy settings for all of Google’s applications.
  2. Ads Preferences Manager – Control whether ads are tailored to your viewing habits or not.  You can opt out here.  *Warning: this site sneakily redirects through doubleclick.net — bastards!

More must have Firefox add-ons

Add-on recommendation #1: Conspiracy

There’s been a lot of discussion recently about the Certificate Authority (CA) paper, “Detecting and Defeating Government Interception Attacks Against SSL”, that was published.  It turns out governments could compel CAs to issue them (or any law enforcement body) an intermediate CA certificate.  This then allows that body to trivially perform a man-in-the-middle attack (MitM) against any client with any server (Google, Microsoft, insert your bank here).

In case you don’t enjoy reading 20-page white papers, besides the brief summary above, you want to check out the experimental Firefox add-on ‘Conspiracy’.  It was written by the authors of the paper and it displays the country name/flag of the CA for the current page you’re on.  If you’re visiting your bank or web-mail client and notice you’re trusting a Chinese or Russian CA, you might want to think twice before entering your credentials.  You can get the add-on here: https://addons.mozilla.org/en-US/firefox/addon/107867
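If you want the same “which CA am I trusting right now?” signal outside the browser, the check the add-on makes is straightforward to script. The snippet below is my own example, not the Conspiracy add-on’s code: it pulls the issuer country and organisation out of the certificate dict that Python’s `ssl.getpeercert()` returns, remembers the first issuer seen for each host, and flags any later visit where the issuer changed. The two certificates are constructed for the example (made-up `.test` hostname and CA names), and `fetch_peer_cert` is included only so you can point it at a real host yourself.

```python
import socket
import ssl

# Certificates in the shape ssl.SSLSocket.getpeercert() returns; both are constructed for this
# example (a .test hostname, made-up CA names) and are not real certificates.
FIRST_VISIT = {
    "subject": ((("commonName", "online.example-bank.test"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust Inc"),),
               (("commonName", "Example Trust Intermediate CA"),)),
}
LATER_VISIT = {
    "subject": ((("commonName", "online.example-bank.test"),),),
    "issuer": ((("countryName", "CN"),),
               (("organizationName", "Other Authority"),),
               (("commonName", "Other Authority Intermediate"),)),
}


def issuer_field(cert, field):
    """Pull one attribute (e.g. countryName) out of the nested issuer RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


class IssuerWatch:
    """Remember the issuing CA first seen per host and flag when it changes (trust on first use)."""

    def __init__(self):
        self.seen = {}

    def check(self, host, cert):
        current = (issuer_field(cert, "countryName"), issuer_field(cert, "organizationName"))
        previous = self.seen.setdefault(host, current)
        result = {"host": host, "issuer_country": current[0], "issuer_org": current[1],
                  "changed": previous != current}
        if previous != current:
            result["previous"] = previous   # what this host's certificate chain looked like before
        return result


def replay(host, certs):
    """Run a sequence of certificates observed for one host through a fresh watch."""
    watch = IssuerWatch()
    return [watch.check(host, c) for c in certs]


def fetch_peer_cert(host, port=443, timeout=5):
    """Fetch the verified leaf certificate of a live host; not used by the offline samples."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for r in replay("online.example-bank.test", [FIRST_VISIT, LATER_VISIT]):
        print(r)
```

Like the add-on, this is a prompt to look, not a verdict: a legitimate CA rotation will trip it too, and `getpeercert()` only hands you the leaf, so the country shown is that of the intermediate that signed it, which is the same thing the add-on displays.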

Add-on recommendation #2: Request Policy

This morning I was listening to the most recent Pauldotcom security podcast.  They interviewed RSnake, an expert in web security.  He mentioned a great Firefox add-on which helps create rules to block cross-site requests.  This is more fine-grained control than running NoScript.  You can grab the add-on here: https://addons.mozilla.org/en-US/firefox/addon/9727

One more vulnerable web project….

Back in November I posted a list of intentionally vulnerable web applications for educational purposes.  You can find that list here: http://www.system7.org/2009/11/05/test-your-web-pentest-skillz/

A new one to add to the list is OWASP’s Broken Web Application Project.  There was a great talk at ShmooCon about the project.  This project might end up taking the gold medal in vulnerable web application projects. They plan to include versions of actual applications you see in the wild (Yazd, WordPress, phpBB) and all of the other web app testing projects (Damn Vulnerable Web App, Mutillidae, WebGoat).