Security Hacks

1523 Articles

Crawling + SQL Injection With Scrawlr

June 24, 2008 by 3 Comments

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify if your site is vulnerable to automated tools finding you website via search engines.

[via Acidus]

Open Source Data Recovery Tools

June 24, 2008 by 6 Comments


InformationWeek has great article on open source data recovery tools. What type of tools you use will depend on the severity of the situation. You can use live Linux distros designed for recovery like SystemRescueCD or Partedmagic (the latter being more user friendly). Security tools distrubutions like BackTrack can also be helpful; Helix in particular was designed for forensics work. dd is a standard *nix tool for imaging drives, but something like TestDisk can help you repair partition tables for whole disk recovery. Most deletion operations don’t overwrite the data which means you can use file carving to capture the lost files. PhotoRec is able to find files in a number of common formats. Finally, if you’ve got some serious forensic work ahead of you there’s The Sleuth Kit and many other command line tools.

As an addendum, OStatic put together a list of 5 freeware tools for protecting your system.

BackTrack 3 Final Is Out

June 20, 2008 by 9 Comments


OpenSuse and Ubuntu are perfectly serviceable Linux distros, but we’ve had a soft spot for BackTrack from the very start. Good news for us, since yesterday was the long awaited release of BackTrack 3 Final. It uses the same 2.6.21.5 kernel as before (to maintain WiFi injection compatibility) and Nessus is still out, but it is not without a great deal of other improvements. Its forensic capabilities are better than ever, largely due to included apps like a fully functional version of SAINT and a special version of Maltego made just for BackTrack. The download is free, but Remote-Exploit is asking users not to distribute it without notifying them first, because they’re trying to keep track of the number of downloads.

[via Midnight Research Labs]

Finding Sensitive Data With Freeware

June 20, 2008 by 1 Comment


When an organization’s network grows to a certain size, its difficult to keep track of every single piece of sensitive information like credit card numbers or social security numbers. In order to find and secure this data, companies often turn to data loss prevention (DLP) services. This is not a viable option for many organizations, though, as DLP services can often be expensive and time-consuming to deploy.

Such organizations are not entirely without options: a recent article on Dark Reading lists several DLP tools authored by teams from various universities, all free to download and use. Programs like The University of Texas at Austin’s Sensitive Number Finder and Virginia Tech’s Find_SSN were designed to find pieces of data on computers and servers formatted in ways typical to sensitive information (xxx-xx-xxxx for SSNs, for example). This approach can often lead to false positives, so some measure of human control is required. They are also incapable of scanning application servers or other forms of data in transit. Cornell’s Spider can scan various application server types using different protocols. When used in conjunction, all of these apps can help secure your data without the expense of outsourcing the job.

Eavesdropping Encrypted Compressed Voice

June 19, 2008 by 1 Comment


A team from Johns Hopkins University has discovered a way to eavesdrop on encrypted voice streams. Voice data like the kind used by Skype for its VoIP service sends encrypted packets of varying sizes for different sounds. The team learned that by simply measureing the size of the packets, they could determine what was being said with a high rate of accuracy. VoIP providers often use a variable bit rate to use bandwidth more efficiently, but it is this compression that makes audio streams vulnerable to eavesdropping.

The team’s software is still in its early stages of development, yet incapable of parsing entire conversations. It is capable, though, of finding pre-determined keywords and inferring common phrases bases on the words it detects. It also has a higher rate of accuracy in identifying long complicated words than short ones. The team’s goal was not to eavesdrop, but to expose the vulnerability; team member [Charles Wright] notes, “we hope we have caught this threat before it becomes too serious.”

[via Schneier on Security]
[photo: altemark]

Neutering The Apple Remote Desktop Exploit

June 19, 2008 by 5 Comments


Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.

DecaffeinatID: Simple Security Log Monitor

June 18, 2008 by 11 Comments

Irongeek put together a simple program for monitoring network shenanigans when you’re on an untrusted network like the coffee shop. It sits in the Windows Systray and notifies you about a variety of events. It alerts you when it sees the MAC address of the IP gateway change. It watches the security log and warns you of any attempted or successful logins. The firewall log is also monitered. Try it out and send him any bug reports/feature requests you might have.