Security
2007.08.08 Daily Security Reading
by Rodney Campbell on Aug.08, 2007, under Security
LLDP – Link Layer Discovery Protocol Fuzzer
LLDP is a Layer 2 protocol that allows network devices to advertise their identity and capabilities on the local network; it helps keep track of devices, and its packets are multicast.
Threats when using Online Social Networks (pdf)
This research paper describes some of the threats when companies or a private person uses Online Social Networks.
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
Protecting Browsers from DNS Rebinding Attacks
DNS rebinding attacks subvert the same-origin policy and convert browsers into open network proxies. These attacks can circumvent firewalls to access internal documents and services and require less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers.
2007.08.02 Daily Security Reading
by Rodney Campbell on Aug.02, 2007, under Security
ISP (Cox Communications) uses DNS to redirect from IRC to bot cleaner
DNS redirection is not a new phenomenon: it is widely used to manage parked domains, and in some cases to direct mistyped URLs to splash pages that carry adverts. Cox were already experimenting with redirection in May this year, but the present redirection is the first on record that has been aimed at cleaning out bots.
Bulk e-mail using attachments in the Portable Document Format (PDF) has begun to decline just a month after it first appeared, and spammers are moving on to Excel files, security firms said this week.
Wireshark/Ethereal, ARPSpoof, Ettercap, ARP poisoning and other niceties.
Scan your local area network using your web browser and javascript.
Utility evades Vista kernel defenses
Aussie software can get around 64-bit Vista’s signed-code requirement.
2007.07.27 Daily Security Reading
by Rodney Campbell on Jul.27, 2007, under Security
Security Evaluation of Apple’s iPhone (pdf)
The iPhone’s applications for surfing the web and checking emails are potentially at risk to remote attacks. We wanted to determine exactly how well the software on the iPhone was designed to resist such attacks.
Anti-(Anti-Malware) Malware detects if in VM environment and reboots
By detecting virtual machines and changing the behavior, malware authors make analysis more difficult – an AV researcher either has to run the malware on physical machines, modify the virtual environment he’s using to prevent detection or manually analyze the malware.
The paper shows that BIND 9 DNS queries are predictable, i.e. that the source UDP port and DNS transaction ID can be effectively predicted.
2007.07.24 Daily Security Reading
by Rodney Campbell on Jul.24, 2007, under Security
Phishing tool constructs new sites in two seconds
Analysts at RSA Security early last month spotted a single piece of PHP code that installs a phishing site on a compromised server in about two seconds.
Feds use key logger to thwart PGP, Hushmail
A recent court case provides a rare glimpse into how some federal agents deal with encryption.
Mac OS X with 100 bugs – Still safer than Windows?
Apple has plugged around 100 vulnerabilities in OS X so far this year, but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows.
Anti Forensics: making computer forensics hard
Methods of removing and subverting evidence with the objective of undermining the results of computer forensics.
2007.07.10 Daily Security Reading
by Rodney Campbell on Jul.10, 2007, under Security
Blacklists have their place for detecting and identifying malicious content and activity, with the whole signature-based malware detection industry effectively being built around the concept that blacklists are reliable mechanisms. The only problem is that they aren’t.
Eight in ten major Web sites highly vulnerable to attack
Eight out of ten Web sites contain common flaws that can allow attackers to steal customer data, create phishing exploits, or craft a variety of other attacks, a security company reported today.
Alternative Botnet C&Cs (pdf)
Free sample chapter (chapter 3) from Botnets: The Killer Web Application.
The IPO of the 0day (pdf)
Stock fluctuation from an unrecognized influence; interesting stats: average 0day lifetime: 348 days, shortest life: 99 days, longest life: 1080 days (3 years).
Have Spammers Overcome the CAPTCHA?
A new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft’s and Yahoo’s CAPTCHA systems.