Rodney Campbell's Blog

User tricks, security treats

Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you’re going to scare them into security compliance you may need to get a little bit spooky yourself.

Metasploit Version 2.7 Released

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

USB Hacksaw and USB Switchblade from Hak5

The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Future-proof your IT security

Small, targeted incursions are the next wave of attacks compromising enterprise networks.

Backdoors and Holes in Network Perimeters (pdf)

A Case Study for Improving Your Control System Security.

How Encrypted Binaries Work In Mac OS X

By now we know that OS X uses encrypted binaries for some critical apps like Dock, Finder and LoginWindow. Amit Singh explains the implementation of this protection scheme which makes use of the AES crypto algorithm and a special memory pager in Mach. The so called Do Not Steal Mac OS X (DSMOS) kernel extension helps along the way by decrypting things for the special pager when apps get executed. A funny thing is that if you print the pointer at address 0xFFFF1600 in your own app you get as output Apple’s karma poem for crackers! According to the article there are 8 protected binaries in OSX including Rosetta and Spotlight meta data demon. Interestingly Apple’s window server is NOT one of those.

IE 7 Breaks Juniper SSL VPN

and from what I hear, just about every other SSL VPN. This would not be so bad if M$ was not planning to push out IE7 as an automatic update on November 1st. Current advice: Don’t update/use IE7. Fortunately, M$ released a tool that will automatically block the IE7 auto update.

Anti-scam website hit by DDOS attacks

Help needed… A website set up to help spread information about alleged scammers is suffering so many denial of service attacks that its current host has asked the site to find a new home.

Bot nets likely behind jump in spam

Bots and bot nets have rapidly emerged as one of the major threats on the Internet.

The Ten Most Dangerous Things Users Do Online

End users — god bless ‘em. You can’t live with ‘em — but without them, you wouldn’t have a job. They’re the reason you have an IT infrastructure; they’re also the single greatest threat to the security of that infrastructure. Because, in the end, most users have no idea how dangerous their online behavior is.

MySpace Accounts Compromised By Phishers

Netcraft has discovered that the social networking site MySpace appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form submits the victim’s username and password to a remote server hosted in France.

Mac OS X Cracked For PCs Again

Ars Technica and The Register are reporting the Apple Kernel 10.4.8 has been cracked using Apple’s publicly available source trees. This is the first time Apple was hit by hackers again since Maxxuss silently left the scene. The funny thing about this is the hacker who cracked OSx has released his sources according to APSL. He told Ars Technica in an interview that he did this because he believes in freedom of information, but will this now harm Apple’s opensourceness?

Spammers Fined A$5.5 million

A Perth company and it’s director have been issued a A$5.5 million (approx. US$4 million) fine for breaching anti-spam laws. Australian IT watchers may be familiar with the director, Robert Mansfield — he’s been personally fined A$1 million for the offenses. The Company, Clarity1, sent 280 million unsolicited emails of which 74 million hit mailboxes between 4/2004 and 4/2006.

Mac OS Bluetooth exploit – Inqtana.d

Inqtanad is a proof-of-concept exploit, which has not yet been seen in the wild, that is installed on a Mac OS X computer via Bluetooth from a computer or PDA running a Linux system.

BT acquires Counterpane Internet Security

BT has announced that it has acquired Counterpane (Bruce Schneier) Internet Security, a provider of managed networked security services, as part of its strategy to expand and develop its global professional services capabilities.

Security Vendor Bypasses Microsoft’s Vista PatchGuard

Authentium contends that it wasn’t hard to create a product that defies Vista’s kernel protection program, but said it will continue to work with Microsoft to find alternative development techniques.

Researchers warn over RFID cards

Without even removing their cards from wallets or pockets, consumers can potentially see their privacy and security compromised.

Unified Threat Management – Friend or Foe?

One of the latest trends in information security is Unified Threat Management (UTM). In a nutshell UTM is the combining of security functionality (i.e. anti-virus and network traffic scanning, alerting, firewalling, etc.) into a single appliance or software suite. Many articles cover aspects in favor of UTM but fail to consider any of the risks.

Is The Metasploit Hacking Tool Too Good?

The open source project already offers penetration testing tools and exploit code. Now it’s going further, offering eVade-o-Matic, a tool to make it harder to detect exploit code aimed at Web browsers. Has the group gone too far?

Is IE 7 Really More Secure Than IE 6?

Microsoft released its long-awaited Internet Explorer 7.0 browser on Oct. 19. The free download allows Windows users to replace IE 6.0, which hasn’t had a serious feature update since it first came out in 2002.

Unlocking the iPod

Jon Johansen became a geek hero by breaking the DVD code. Now he’s liberating iTunes – whether Apple likes it or not.

Windows Defender Final v1.1.1592.0

Windows Defender is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.

Beware the Bots

Malicious code that turns computers into zombies is wreaking all kinds of havoc.

Teleworkers know (and ignore) security risks, study says

The majority of telecommuters are aware of the security dangers that go along with using mobile devices and remotely logging onto their employers’ networks, yet their behavior for the most part contradicts this awareness, according to a study by Cisco Systems and research firm InsightExpress.

Less Than Zero Threat, Part 1

The security industry and trade press have directed a lot of attention toward the ‘Zero-day attack,’ promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures to defend your organization from it.

Less Than Zero Threat, part 2

In part 1, we introduced the idea of a Less-Than-Zero threat and defined it relative to a Zero-Day threat. Now, I’ll go a little deeper on each and discuss ways to protect your organization from them.

Turn Off WiFi and Bluetooth When Not In Use

Metasploit is working on a module to transition kernel mode exploits into user mode.

Firefox 2.0 goes live

Get it while it’s hot Updated Firefox 2.0 was due to be released on Tuesday in the US but the final version of the source browser was available from Mozilla FTP site early on Monday. Firefox 2.0 boasts a raft of new features including an integrated in-line spell checker, as well as an anti-phishing tool, tightly-integrated search, and improvements in tabbed browsing.

Q&A – Why Metasploit Publishes Hacker Tools

H.D. Moore, head researcher of hacker organization Metasploit, talks about why it’s important to publish security exploits.

eEye Introduces Personal freeware

eEye Digital Security, the developer of endpoint security and vulnerability management software solutions, has announced the release of Blink Personal, a free version of its award-winning Blink endpoint security technology, developed for non-commercial users.