Archive for August, 2007
2007.08.27 Daily Security Reading
by Rodney Campbell on Aug.30, 2007, under Security
Know Your Enemy: Malicious Web Servers
In this paper, we examine client-side attacks and evaluate methods to defend against client-side attacks on web browsers.
Skype Linux Reads Password and Firefox Profile
Users of Skype for Linux have just found out that it reads /etc/passwd, the Firefox profile (plugins, addons, etc.), and many other files in /etc that it has no need for.
Student cracks Government’s $84m porn filter
Tom Wood, 16, said it took him just over 30 minutes to bypass the Government’s filter, released on Tuesday.
Point, Click … Eavesdrop – How the FBI Wiretap Net Operates
The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device.
Virtualized rootkits – Part 1 and Part 2
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue Pill, her proof-of-concept "invisible" rootkit, while a team of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, arguing that there is no such thing as an "invisible" rootkit.
2007.08.22 Daily Security Reading
by Rodney Campbell on Aug.24, 2007, under Security
Nothing new here – Monster.com hacked
1.6 million records with personal info uploaded to remote webserver.
Mark Burnett has a few good articles on the CAPTCHA. Check the articles out here and here. They do a good job at explaining some of the high level problems with CAPTCHAs but don’t be fooled, this is only the tip of the iceberg as I’m sure Matt would agree.
Entry level certifications such as the Cisco Certified Network Associate (CCNA) have become the source of many jokes to people in the industry, largely because of the seemingly inept people that proudly display their certifications. This is made worse by the volume of books geared only to get people through the exam. Network Warrior bills itself as the exact opposite — if the subtitle is to be believed it contains “Everything You Need to Know That Wasn’t on the CCNA Exam”. I actually bought this book the other day but haven’t read it yet – looking forward to it though.
Latest anti-virus and anti-malware products testing results
Veteran tester Andreas Marx has done another major test of 29 anti-virus and anti-malware products, and it’s worth taking a look at — notwithstanding the caveat that it’s only using the on-demand capabilities of the scanner (as opposed to real-time protection, which is another bulwark in an antivirus program’s defense of a system).
2007.08.15 Daily Security Reading
by Rodney Campbell on Aug.15, 2007, under Security
Some common misconceptions about ARP cache poisoning
In this article I comment on a few misconceptions about ARP cache poisoning that I come across from time to time, even from people who know what ARP cache poisoning is and (more or less) how it works.
10 claims that scare security pros
A child with a chocolate-smeared shirt says, “I didn’t do it.” The phone rings, and Mom assures you, “There’s nothing to worry about.” A systems administrator carrying a box of tapes says, “We’ll have everything back up in a few minutes.” Sometimes the first words you hear — despite their distance from the truth — tell you everything you need to know.
Designs for taking on criminals
The UK government has unveiled its latest weapon in the fight against crime – designers. Police are confident that innovative design can help reduce the risk of theft and burglary.
2007.08.08 Daily Security Reading
by Rodney Campbell on Aug.08, 2007, under Security
LLDP – Link Layer Discovery Protocol Fuzzer
LLDP is a Layer 2 protocol that allows network devices to advertise their identity and capabilities on the local network; it helps keep track of devices, and its packets are sent to a multicast address.
Threats when using Online Social Networks (pdf)
This research paper describes some of the threats that companies and private individuals face when using Online Social Networks.
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
Protecting Browsers from DNS Rebinding Attacks
DNS rebinding attacks subvert the same-origin policy and convert browsers into open network proxies. These attacks can circumvent firewalls to access internal documents and services and require less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers.
2007.08.02 Daily Security Reading
by Rodney Campbell on Aug.02, 2007, under Security
ISP (Cox Communications) uses DNS to redirect from IRC to bot cleaner
DNS redirection is not a new phenomenon: it is widely used to manage parked domains, and in some cases to direct mistyped URLs to splash pages that carry adverts. Cox were already experimenting with redirection in May this year, but the present redirection is the first on record that has been aimed at cleaning out bots.
Bulk e-mail using attachments in the Portable Document Format (PDF) has begun to decline just a month after it first appeared, and spammers are moving on to Excel files, security firms said this week.
Wireshark/Ethereal, ARPSpoof, Ettercap, ARP poisoning and other niceties.
Scan your local area network using your web browser and JavaScript.
Utility evades Vista kernel defenses
Aussie software can get around 64-bit Vista’s signed-code requirement.