BackTrack 3 Final Is Out


openSUSE and Ubuntu are perfectly serviceable Linux distros, but we’ve had a soft spot for BackTrack from the very start. Good news for us, since yesterday was the long-awaited release of BackTrack 3 Final. It uses the same 2.6.21.5 kernel as before (to maintain WiFi injection compatibility) and Nessus is still out, but it is not without a great deal of other improvements. Its forensic capabilities are better than ever, largely due to included apps like a fully functional version of SAINT and a special version of Maltego made just for BackTrack. The download is free, but Remote-Exploit is asking users not to distribute it without notifying them first, because they’re trying to keep track of the number of downloads.

[via Midnight Research Labs]

Finding Sensitive Data With Freeware


When an organization’s network grows to a certain size, it’s difficult to keep track of every single piece of sensitive information like credit card numbers or social security numbers. In order to find and secure this data, companies often turn to data loss prevention (DLP) services. This is not a viable option for many organizations, though, as DLP services can often be expensive and time-consuming to deploy.

Such organizations are not entirely without options: a recent article on Dark Reading lists several DLP tools authored by teams from various universities, all free to download and use. Programs like The University of Texas at Austin’s Sensitive Number Finder and Virginia Tech’s Find_SSN were designed to find pieces of data on computers and servers formatted in ways typical of sensitive information (xxx-xx-xxxx for SSNs, for example). This approach can often lead to false positives, so some measure of human control is required. These tools are also incapable of scanning application servers or other forms of data in transit. Cornell’s Spider can scan various application server types using different protocols. When used in conjunction, all of these apps can help secure your data without the expense of outsourcing the job.

Eavesdropping Encrypted Compressed Voice


A team from Johns Hopkins University has discovered a way to eavesdrop on encrypted voice streams. VoIP services like Skype’s send encrypted packets of varying sizes for different sounds. The team learned that by simply measuring the size of the packets, they could determine what was being said with a high rate of accuracy. VoIP providers often use a variable bit rate to use bandwidth more efficiently, but it is this compression that makes audio streams vulnerable to eavesdropping.

The team’s software is still in its early stages of development and is not yet capable of parsing entire conversations. It is capable, though, of finding pre-determined keywords and inferring common phrases based on the words it detects. It also has a higher rate of accuracy in identifying long complicated words than short ones. The team’s goal was not to eavesdrop, but to expose the vulnerability; team member [Charles Wright] notes, “we hope we have caught this threat before it becomes too serious.”

[via Schneier on Security]
[photo: altemark]

Neutering The Apple Remote Desktop Exploit


Yesterday, Slashdot reported a privilege escalation vulnerability in OS X. Using AppleScript, you can tell the ARDAgent to execute an arbitrary shell script. Since ARDAgent is running as root, all child processes inherit root privileges. Intego points out that if the user has activated Apple Remote Desktop sharing, the ARDAgent can’t be exploited in this fashion. So, the short-term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.

DecaffeinatID: Simple Security Log Monitor

Irongeek put together a simple program for monitoring network shenanigans when you’re on an untrusted network like the coffee shop. It sits in the Windows Systray and notifies you about a variety of events. It alerts you when it sees the MAC address of the IP gateway change. It watches the security log and warns you of any attempted or successful logins. The firewall log is also monitored. Try it out and send him any bug reports/feature requests you might have.

Firefox 3 Vulnerability


TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It affects the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link to be executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.

SonicWALL Still Hates Us


In case you’ve ever wondered, “why don’t I ever run into those Hack a Day scamps at the Panera?”, it’s because SonicWALL thinks we’re “Hacking/Proxy Avoidance Systems” and the more inexplicable “Usenet News Groups.” We’ve gotten many reports from readers over the years about getting blocked by various vendors’ proxies. Do you have any trouble viewing Hack a Day from your school/work? What “service” are they using? We use ssh’s application-level dynamic port forwarding to get around most systems when we’re on the road.