Default Password Network Scanning

Midnight Research Labs has just published a new tool. Depant will scan your network and check to see if services are using default passwords. It starts by performing an Nmap scan to discover available services on the network. It organizes these services by speed of response. Using Hydra it does brute force password checking of these services with a default password list. The user can supply an alternate list for the first phase or an additional list to be used in a followup check. Depant has many different options for configuring your scan and will certainly help you find that rogue piece of hardware on your network that someone failed to set up securely.

Buy An Eee Box And Get A Free Virus

Some of the Eee Box PCs have been shipped with viruses on board and ready to go. The virus was sitting on the D: drive, labeled as recycled.exe. As soon as that drive is opened, the virus is unleashed on the other drives and removable media attached. Strangely, Microsoft has come to the rescue as their Malicious Software Removal Tool detects it and removes it. This was only on some models, and apparently mostly in Japan.

Before you denounce ASUS for this oversight keep in mind that they make things that we really want, such as the touch screen Eee PC promised in 2009.

[via Gizmodo]

ATM Skimmers With SMS

You may want to be more careful where you put that ATM card. There are now ATM skimmers with SMS notification. ATM skimmers are placed over real ATM slots and the information off the cards as they’re inserted. The new models will send the skimmed information via SMS notifications to a phone that’s attached to a computer. This solves the problem of scammers needing to retrieve their skimmers without attracting the attention of police. ATM skimmer manufacturers have so far been really successful because of their commitment to security, from the paint they use to cover their skimmers to their exclusive clientele. The manufacturer of this particular model claims that none of their clients who’ve used this new ATM skimmer has been arrested, and they only accept business from “recommended” clients. We think it’s interesting and ironic how these criminals have adapted their security procedures to deal with institutions we wish were more secure.

Yahoo! Employee Accused Of Involvement With Terrorists

[Mohammed Mansoor Asghar Peerbhoy], a software engineer at Yahoo!’s Indian facility, has been accused of involvement with one of India’s most-wanted terrorist organizations, the Islamic Mujahideen. According to investigators, [Peerbhoy] wrote and sent emails just before and after terrorist attacks in Delhi, Ahmedabad in Gujarat, and Jaipur in Rajasthan. [Peerbhoy] makes an unlikely suspect; he visited the U.S. on several occasions for work without suspicion, but authorities claim that he was a “mastermind” who hacked into wireless internet sites to send hostile emails. The local community and his family have rallied around [Peerbhoy], calling the arrest an attempt to “defame the Muslim community”. There are also claims that his arrest, and other similar arrests, were made to soothe political pressures and not based on any factual evidence.

[photo: josemurilo]

Quantum Cryptography In-band Attack

Quantum cryptography is an emerging field, but low install base hasn’t kept researchers from exploring attacks against it. It’s an attractive technology because an attacker sniffing the key exchange changes the quantum state of the photons involved. All eavesdroppers can be detected because of this fundamental principal of quantum mechanics.

We’ve seen theoretical side-channel attacks on the hardware being used, but had yet to see an in-band attack until now. [Vadim Makarov] from the University of Science and Technology in Trondheim has done exactly that (Internet Archive). Quantum key distribution systems are designed to cope with noise and [Makarov] has taken advantage of this. The attack works by firing a bright flash of light at all the detectors in the system. This raises the amount of light necessary for a reading to register. The attacker then sends the photon they want detected, which has enough energy to be read by the intended detector, but not enough for the others. Since it doesn’t clear the threshold, the detectors don’t throw any exceptions. The attacker could sniff the entire key and replay it undetected.

This is a very interesting attack since it’s legitimate eavesdropping of the key. It will probably be mitigated using better monitoring of power fluctuations at the detectors.

[via I)ruid]

Avoiding OS Fingerprinting In Windows

[Irongeek] has been working on changing the OS fingerprint of his Windows box. Common network tools like Nmap, P0f, Ettercap, and NetworkMiner can determine what operating system is being run by the behavior of the TCP/IP stack. By changing this behavior, you can make your system appear to be another OS. [Irongeek] started writing his own tool by checking the source of Security Cloak to find out what registry keys needed to be changed. His OSfuscate tool lets you define your own .os fingerprint file. You can pretend to be any number of different systems from IRIX to Dreamcast. Unfortunately this only works for TCP/IP. Other methods, like Satori‘s DHCP based fingerprinting, still work and need to be bypassed by other means. Yes, this is just “security through obscurity”, but it is something fun to play with.

Helix V2.0 Released

Helix 2.0 has been released.  Helix is a collection of various tools for electronic forensics.  Just like on TV, you can use this to find all kinds of information on a computer.  Some of the useful tools added were Winlockpwn a tool for breaking windows security, Volitility which processes data out of the raw memory, and several other tools that are beyond our comprehension.

You’ve undoubtedly noticed that the title says Helix V2.0, but the image and header of the Helix site say 3.  We have no idea why. Look at the download info to see that it says V2.0.

[Via Midnight Research labs]