Locking your screen using a MetaWatch

This is a simple way to control access to your Linux computer if you happen to own a MetaWatch.
You walk away, and screenlock is activated. You come back into the room, and (optionally) the screen unlocks.

It’s also an amusing way to drive someone crazy if they are using your computer with your permission.
Or if you can trick a friend into executing the script on his computer when you are nearby: you just disable BlueTooth on your MetaWatch, and the computer screenlocks.

How to use your MetaWatch for a proximity-detector and user authentication device

I wrote a perl script that would lock my Linux computer if I walked away. You need to enable BlueTooth on the MetaWatch, so it’s discoverable. This script could be used with any BlueTooth device, theoretically, except that the device has to be discoverable, and most devices have to be put into discover mode. Also note that this script does not pair with the device. Here is another approach where the device is paired to the Linux system.

One of these days I’d like to modify this script into a more versatile script. But I thought this script, and some of the perl code, might be useful. I used the Perl Net::Bluetooth package. Since this package might not be installed, I added an error message that gives the user a clue how to fix this problem.

The script can also unlock the screen if you get closer, so you can use this to both lock and unlock the screen. Adding an unlock feature is not secure, as anyone who can clone the BlueTooth address can unlock your screen.

The perl code to screenlock your computer when a BlueTooth device moves away

#!/usr/bin/perl -w
#
# KeepNear - this program wants to keep a BlueTooth device near the Linux system.
# If the BlueTooth device leaves the vicinity, the system screenlocks.
# If the device comes back, the system unlocks the screen
# Written by Grymoire - Tue Jan 17 21:29:03 EST 2012
#
#
use strict;
#User modifiable configuration parameters
my $verbose=0; # set to 1 for more detail/debug
my $address = "D0:37:61:3F:F0:0A"; # bluetooth address the system is looking for
my $name = "MetaWatch";       # name of bluetooth device the system is looking for
my $interval_between_samples = 10; # interval in seconds
my $maximum_interval_before_locking = 60*5; # 5 minutes; if the device is gone for this long, lock the screen
my $starting_delay = 60*3; # 3 minutes - wait this amount of time to start the timer. If no device is found, exit with status=2;
my $unsafe = 0; # true if you want the bluetooth device to unlock the screen.
# naturally - any device that can spoof the BlueTooth address and name can unlock the computer.
# Use the unsafe mode at your own risk.

# Pick command to lock the screen
my $lock_command = "gnome-screensaver-command -l";
#my $lock_command = "xscreensaver-command -activate";
#my $lock_command = "dcop kdesktop KScreensaverIface lock";

# Is there a command to unlock the screen? - Warning - spoofing BT address can unlock the computer
my $unlock_command = "gnome-screensaver-command -d";

# other variables used

my $timestamp_last_time_device_was_seen;
my $timestamp_last_time_device_was_missing;

# Load the Bluetooth module - with friendly error
eval   'use Net::Bluetooth;';
if ($@) {
  $verbose && print $@; # print the error message
  print "Hmm. I cannot find the perl library for Bluetooth.\n";
  print "If you do not mind, I have some suggestions that might help...\n";
  print "\n";
  print "If you have Ubuntu, try 'apt-get install libnet-bluetooth-perl'\n";
  print "Otherwise, try installing Net::Bluetooth in one of the following directories: " . join(", ", @INC) . "\n";
  print "If it's installed elsewhere, try adding the following line to the perl file: 'unshift \@INC, \"/home/local\";'\n";
  die "Sorry - I cannot go any further. Aborting";
}

sub am_i_near() {
  #### look at all of the remote bluetooth devices in the area
  #### return 1 (found) or 0 (not found)

  my $addr; # address of BT device we found
  # get_remote_devices() returns a hash reference: address => device name
  my $device_ref = get_remote_devices();
  foreach $addr (keys %$device_ref) {
    $verbose && printf("Name: %s, Address: %s\n", $device_ref->{$addr}, $addr);
    # \Q...\E keeps characters in the configured values from being read as regex syntax
    if (($addr =~ /\Q$address\E/i) && (($device_ref->{$addr}) =~ /\Q$name\E/i)) {
      # Both the name and the BlueTooth address match
      return 1; # I found the device
    } else {
      $verbose && printf( "Device %s != %s, and/or BlueTooth Address %s != %s\n",
                          $device_ref->{$addr}, $name, $addr, $address);
    }
  }
  return 0; #device was not found
}

sub main() {

# the first time I start up, make sure I find the device
  my $start=time();
  my $interval = 0;
  while ($interval<=$starting_delay && !defined($timestamp_last_time_device_was_seen)) {
    $interval=time()-$start; # how long have I been waiting?
    $verbose && print "I've been waiting $interval seconds so far\n";
    if (&am_i_near()) {
      $timestamp_last_time_device_was_seen = time();
    } else {
      printf(STDERR "Warning - Cannot find BlueTooth device with address $address, let me try again\n");
      sleep($interval_between_samples);
    }
  }

  if (defined($timestamp_last_time_device_was_seen)) {
    $verbose && printf("I found the device after %f seconds\n", ($timestamp_last_time_device_was_seen-$start));
  } else {
    $verbose && printf("I waited $interval seconds, which is greater than %d, and I did not see BlueTooth address $address, so I am quitting\n", $starting_delay);
    exit(2);
  }

  # I found it. Now we enter the main loop
  printf(STDERR "Entering screenlock mode\n");
  sleep($interval_between_samples); # once
# now start the main loop.
  while (1) {
    # is the device nearby?
    if (&am_i_near()) {
      $timestamp_last_time_device_was_seen = time(); # yes.
      # perhaps unlock the screen - if the unsafe option is on
      $unsafe && system($unlock_command);
    }
    $interval=time()-$timestamp_last_time_device_was_seen; # how long is the device missing?
    if ($interval > $maximum_interval_before_locking) { # too long.
      system($lock_command);
    } else {
      $verbose && printf(" %f < %f, wait again\n", $interval, $maximum_interval_before_locking);
    }
    sleep($interval_between_samples);
  }
}

&main();
1; #exit properly


MetaWatch Hacking Part 1

I just received an Analog MetaWatch. Cool.  Let’s hack it.

This page discusses updating the firmware on both Linux and Windows-based Operating Systems. I also talk about installing the toolchain for Linux.

First step: Upgrade the Firmware to 0.8.0

Hmm. After reading the notes on the wiki and the PDF from the developer site, I downloaded the updated firmware and firmware updater, and FET-Pro430 Lite. I tried to reflash my watch. I was not able to select the box that said “Verify Security Fuse” or “Auto Prog.”

Aha! I was fooled by the diagram in the reflashing manual. You cannot check those boxes. Instead, you have to press the “Verify Security Fuse” and then press “Auto Prog”.

I also tried to reflash the watch using Linux. See below.

I was reading some documents, and it suggested installing the MSP430 toolchain. This is not needed if you just want to reflash the watch because you can use apt-get to install mspdebug.

However, I had problems flashing with Linux. See below.

 Install the Linux toolchain

I typed

 sudo apt-get install subversion gcc-4.4 texinfo patch libncurses5-dev zlibc zlib1g-dev libx11-dev libusb-dev libreadline6-dev

Since I am in the “admin” group, I did the following so I don’t have to be root to update the software. So I typed

sudo mkdir /opt; sudo chgrp admin /opt; sudo chmod 775 /opt
This way I do not have to compile the toolchain using sudo. In a new directory, I typed

svn checkout https://mspgcc4.svn.sourceforge.net/svnroot/mspgcc4
cd mspgcc4
sh buildgcc.sh

This took a while to run. It failed when it tried to download
http://gd.tuwien.ac.at/gnu/sourceware/insight/releases/insight-6.8-1.tar.bz2
This file did not exist. So I searched for this file and found it here
http://pkgs.fedoraproject.org/repo/pkgs/insight/insight-6.8-1.tar.bz2/4ee9824c1e8d6108d886c6c09b24f0ac/insight-6.8-1.tar.bz2
So I downloaded and unpacked it into a new directory with

tar xvfj insight-6.8-1.tar.bz2
cd insight-6.8-1
./configure
make

This failed at the following

gcc -c -g -O2   -I. -I.././gdb -I.././gdb/config -DLOCALEDIR="\"/usr/local/share/locale\"" -DHAVE_CONFIG_H -I.././gdb/../include/opcode -I.././gdb/../readline/.. -I../bfd -I.././gdb/../bfd -I.././gdb/../include -I../libdecnumber -I.././gdb/../libdecnumber   -DMI_OUT=1 -DGDBTK -DTUI=1  -Wall -Wdeclaration-after-statement -Wpointer-arith -Wformat-nonliteral -Wno-pointer-sign -Wno-unused -Wno-switch -Wno-char-subscripts -Werror linux-nat.c
cc1: warnings being treated as errors
linux-nat.c: In function ‘linux_nat_info_proc_cmd’:
linux-nat.c:2879: error: ignoring return value of ‘fgets’, declared with attribute warn_unused_result

There were several errors. Gcc was configured to give an error for any warning. Rather than change the compile option, I just fixed the code. In most cases error returns were ignored.

Example - I changed

      fgets (buffer, sizeof (buffer), procfile);

to

      if (fgets (buffer, sizeof (buffer), procfile)) {
        printf_filtered ("cmdline = '%s'\n", buffer);
      }

Here is the patch file I used for the changes to insight

———————–

*** ./eval.c    2011-12-25 14:09:58.000000000 -0500--- ./eval.c.~1~    2008-02-03 19:23:04.000000000 -0500****************** 1647,1656 ****      struct type *tmp_type;      int offset_item;    /* The array offset where the item lives */ -     i=0;-     while (i<=MAX_FORTRAN_DIMS) {-       subscript_array[i++]=0;-     }      if (nargs > MAX_FORTRAN_DIMS)        error (_("Too many subscripts for F77 (%d Max)"), MAX_FORTRAN_DIMS); --- 1647,1652 ----*** ./utils.c    2011-12-25 14:07:47.000000000 -0500--- ./utils.c.~1~    2008-01-01 17:53:13.000000000 -0500****************** 704,712 ****      abort ();    /* NOTE: GDB has only three calls to abort().  */        default:      dejavu = 3;!     if (write (STDERR_FILENO, msg, sizeof (msg))==-1) {!       error( ("write failed."));!     }      exit (1);        }    }--- 704,710 ----      abort ();    /* NOTE: GDB has only three calls to abort().  */        default:      dejavu = 3;!     write (STDERR_FILENO, msg, sizeof (msg));      exit (1);        }    }*** ./mi/mi-cmd-env.c    2011-12-25 14:03:43.000000000 -0500--- ./mi/mi-cmd-env.c.~1~    2008-01-01 17:53:14.000000000 -0500****************** 78,86 ****           /* Otherwise the mi level is 2 or higher.  */ !   if (!getcwd (gdb_dirbuf, sizeof (gdb_dirbuf))) {!     error( ("getcwd failed."));!   };    ui_out_field_string (uiout, "cwd", gdb_dirbuf);     return MI_CMD_DONE;--- 78,84 ----           /* Otherwise the mi level is 2 or higher.  */ !   getcwd (gdb_dirbuf, sizeof (gdb_dirbuf));    ui_out_field_string (uiout, "cwd", gdb_dirbuf);     return MI_CMD_DONE;*** ./linux-nat.c    2011-12-25 13:52:59.000000000 -0500--- ./linux-nat.c.~1~    2008-01-29 17:47:20.000000000 -0500****************** 2876,2884 ****        sprintf (fname1, "/proc/%lld/cmdline", pid);        if ((procfile = fopen (fname1, "r")) != NULL)      {!       if (fgets (buffer, sizeof (buffer), procfile)) {!         printf_filtered ("cmdline = '%s'\n", buffer);!       
}        fclose (procfile);      }        else--- 2876,2883 ----        sprintf (fname1, "/proc/%lld/cmdline", pid);        if ((procfile = fopen (fname1, "r")) != NULL)      {!       fgets (buffer, sizeof (buffer), procfile);!       printf_filtered ("cmdline = '%s'\n", buffer);        fclose (procfile);      }        else*** ./main.c    2011-12-25 14:03:43.000000000 -0500--- ./main.c.~1~    2008-01-05 11:49:53.000000000 -0500****************** 188,196 ****    line[0] = '';        /* Terminate saved (now empty) cmd line */    instream = stdin; !   if (!getcwd (gdb_dirbuf, sizeof (gdb_dirbuf))) {!     error( ("getcwd failed."));!   };    current_directory = gdb_dirbuf;     gdb_stdout = stdio_fileopen (stdout);--- 188,194 ----    line[0] = '';        /* Terminate saved (now empty) cmd line */    instream = stdin; !   getcwd (gdb_dirbuf, sizeof (gdb_dirbuf));    current_directory = gdb_dirbuf;     gdb_stdout = stdio_fileopen (stdout);*** ./cli/cli-cmds.c    2011-12-25 14:03:44.000000000 -0500--- ./cli/cli-cmds.c.~1~    2008-01-01 17:53:14.000000000 -0500****************** 320,328 ****  {    if (args)      error (_("The \"pwd\" command does not take an argument: %s"), args);!   if (!getcwd (gdb_dirbuf, sizeof (gdb_dirbuf))) {!     error( ("getcwd failed."));!   }     if (strcmp (gdb_dirbuf, current_directory) != 0)      printf_unfiltered (_("Working directory %s\n (canonically %s).\n"),--- 320,326 ----  {    if (args)      error (_("The \"pwd\" command does not take an argument: %s"), args);!   getcwd (gdb_dirbuf, sizeof (gdb_dirbuf));     if (strcmp (gdb_dirbuf, current_directory) != 0)      printf_unfiltered (_("Working directory %s\n (canonically %s).\n"),*** ./inflow.c    2011-12-25 14:06:53.000000000 -0500--- ./inflow.c.~1~    2008-01-01 17:53:11.000000000 -0500****************** 545,567 ****    if (tty != 0)      {        close (0);!       if (dup (tty)==-1) {!         error(("dup(tty) failed."));!       }      }    if (tty != 1)      {        close (1);!       
if (dup (tty)==-1) {!         error(("dup(tty) failed."));!       }      }    if (tty != 2)      {        close (2);!       if (dup (tty)==-1) {!         error(("dup(tty) failed."));!       }      }    if (tty > 2)      close (tty);--- 545,561 ----    if (tty != 0)      {        close (0);!       dup (tty);      }    if (tty != 1)      {        close (1);!       dup (tty);      }    if (tty != 2)      {        close (2);!       dup (tty);      }    if (tty > 2)      close (tty);*** ./top.c    2011-12-25 14:03:42.000000000 -0500--- ./top.c.~1~    2008-01-01 17:53:13.000000000 -0500****************** 1628,1636 ****     /* Run the init function of each source file */ !   if (!getcwd (gdb_dirbuf, sizeof (gdb_dirbuf))) {!     error( ("getcwd failed."));!   };    current_directory = gdb_dirbuf;   #ifdef __MSDOS__--- 1628,1634 ----     /* Run the init function of each source file */ !   getcwd (gdb_dirbuf, sizeof (gdb_dirbuf));    current_directory = gdb_dirbuf;   #ifdef __MSDOS__

———
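Review bot: The file headers have the two sides swapped: every `*** ./file.c` entry carries the 2011 timestamp and the checked code, while `--- ./file.c.~1~` is the 2008 backup, so the changes read as if the fixes were being taken out. Regenerate the diff with the backup as the first argument (diff -c file.c.~1~ file.c), or state that it has to be applied with patch -R; otherwise applying it to a pristine insight-6.8-1 tree will fail or be detected as reversed.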
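Review bot: In the eval.c hunk the added loop `while (i<=MAX_FORTRAN_DIMS)` stores MAX_FORTRAN_DIMS+1 elements into subscript_array, one more than the `nargs > MAX_FORTRAN_DIMS` check directly below accepts as subscripts. The declaration of subscript_array is not in the visible context; unless it has MAX_FORTRAN_DIMS+1 entries this writes one int past the end of the array, so use `<` in the condition or clear it with memset over sizeof (subscript_array).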
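Review bot: In the utils.c hunk, calling error() when write() to STDERR_FILENO fails works against this branch: it is the `default:` case that sets `dejavu = 3` and is followed immediately by `exit (1)`, and error() does not return, so a failed write would skip the exit. To silence warn_unused_result here, consume the return value without acting on it (assign it to a local and cast that to void) and let control fall through to `exit (1)` as before.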
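Review bot: The getcwd checks in mi/mi-cmd-env.c, main.c and top.c close with `};`, which leaves an empty statement after the block (the cli/cli-cmds.c hunk gets this right), and all four pass a bare string in doubled parentheses, `error( ("getcwd failed."))`, where the neighbouring call in cli-cmds.c uses `error (_("..."))`. Drop the stray semicolons, wrap the message in _() like the surrounding code, and include the strerror (errno) text so the user can tell why the working directory could not be read.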
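Review bot: In the inflow.c hunk the three new checks only test `dup (tty)==-1`; the code still depends on dup returning the descriptor that was just closed (0, 1 or 2), which the check does not confirm. Either compare the result with the expected descriptor or use dup2 (tty, 0), dup2 (tty, 1) and dup2 (tty, 2), and make the three messages distinct, since "dup(tty) failed." does not say which stream could not be redirected.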

I then installed the gdbserver software (which apparently insight does).

Next I went back to the previous step, and told it to not install insight (as it was already installed).

I used

perl buildgcc.pl

as the previous step said this was preferred.

I added the compiler to the searchpath by executing the following as root

echo 'export PATH=${PATH}:/opt/msp430-gcc-4.4.3/bin;' >/etc/profile.d/msp430.sh

Next I downloaded the tar file for mspdebug from sourceforge.

And did the following

  1. tar xvfz mspdebug-version.tar.gz
  2. cd mspdebug-version
  3. make
  4. sudo make install

This worked. However, I also read that I could have just installed this program using apt-get.

So I downloaded the firmware and typed

unzip MetaWatch_Analog_FW_WDS111_V0_8_0.zip

And then to reprogram the firmware, I typed

sudo mspdebug rf2500

and it responded

MSPDebug version 0.18 – debugging tool for MSP430 MCUs
Copyright (C) 2009-2011 Daniel Beer <dlbeer@gmail.com>
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Trying to open interface 1 on 002
Initializing FET…
FET protocol version is 30263144
Configured for Spy-Bi-Wire
Set Vcc: 3000 mV
Device ID: 0x0580
Device: MSP430F5438A
Code memory starts at 0x5c00
Number of breakpoints: 8

I next typed

prog AnalogWatchV0_8_0.txt

This took a while, and the system printed several lines like

Erasing…
Programming…
Writing 4096 bytes to 5c00…
Writing 4096 bytes to 6c00…
Writing 4096 bytes to 7c00…
[snip]
Writing 4096 bytes to 29ff0…
Writing 4096 bytes to 2aff0…
Writing 4096 bytes to 2bff0…
Writing 4096 bytes to 2cff0…
Writing 2138 bytes to 2dff0…

And then I got the prompt again. I tried pressing the buttons with the USB connector attached, and I saw nothing. I was worried I bricked the device at first. But when I disconnected and reconnected the clip, the watch returned to normal, and when I pressed the status button, it reported it was using the 0.8.0 firmware version…

I reread the forum, and I did not update all of the flash. The text file goes up to @2E800 and beyond. But according to Daniel Beer, this is normal. 2138 bytes past 0x2dff0 is 0x2e84a, which appears to be the upper limit of the firmware.

So both Linux and Windows were successfully able to upload the firmware.
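One way to check that coverage question instead of eyeballing it, as an added example (not from the original post or from the mspdebug project): the Python below parses a TI-TXT image, turns mspdebug's "Writing N bytes to ADDR" lines into address ranges, and lists any image section the log never covered. The helper names, sample image and sample log are constructed for illustration.

```python
import re

def parse_titxt(text):
    """Parse TI-TXT: '@ADDR' starts a section, hex byte lines follow, 'q' ends the file."""
    sections, addr, data, terminated = [], None, bytearray(), False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "q":
            terminated = True
            break
        if line.startswith("@"):
            if addr is not None:
                sections.append((addr, bytes(data)))
            addr, data = int(line[1:], 16), bytearray()
        elif addr is None:
            raise ValueError(f"line {lineno}: data before any @address line")
        else:
            try:
                data += bytes.fromhex(line)
            except ValueError:
                raise ValueError(f"line {lineno}: not hex byte pairs: {line!r}") from None
    if not terminated:
        # A download that was cut short would otherwise flash a partial image.
        raise ValueError("image is truncated: no 'q' terminator")
    if addr is not None:
        sections.append((addr, bytes(data)))
    return sections

WRITE_RE = re.compile(r"Writing\s+(\d+)\s+bytes\s+to\s+([0-9a-fA-F]+)")

def written_ranges(log):
    """Merge mspdebug 'Writing N bytes to ADDR' lines into sorted [start, end) ranges."""
    spans = sorted((int(a, 16), int(a, 16) + int(n)) for n, a in WRITE_RE.findall(log))
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)   # adjacent or overlapping chunk
        else:
            merged.append([start, end])
    return [tuple(m) for m in merged]

def unwritten_sections(sections, ranges):
    """Return (start, end) of every image section not fully inside a written range."""
    missing = []
    for start, data in sections:
        end = start + len(data)
        if not any(lo <= start and end <= hi for lo, hi in ranges):
            missing.append((start, end))
    return missing

# Constructed sample: a 12-byte code section and a 4-byte section near the vector table.
SAMPLE_IMAGE = """\
@5c00
31 40 00 5C B2 40 80 5A
5C 01 FF 3F
@ffd0
00 5C 00 5C
q
"""

# Constructed log in mspdebug's format that only covers the first section.
SAMPLE_LOG = "Writing   12 bytes to 5c00...\n"

if __name__ == "__main__":
    image = parse_titxt(SAMPLE_IMAGE)
    for start, data in image:
        print(f"section {start:#07x}..{start + len(data):#07x} ({len(data)} bytes)")
    for start, end in unwritten_sections(image, written_ranges(SAMPLE_LOG)):
        print(f"NOT WRITTEN: {start:#07x}..{end:#07x}")
    # The last two log lines quoted in the post merge into one range ending at 0x2e84a.
    tail = "Writing 4096 bytes to 2cff0\nWriting 2138 bytes to 2dff0\n"
    print([(hex(lo), hex(hi)) for lo, hi in written_ranges(tail)])
```

Run against the real AnalogWatchV0_8_0.txt and a saved mspdebug session, an empty result from unwritten_sections means every section of the image was programmed.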


Alchemy Walkthrough for the iPhone

Walkthrough for Alchemy on the iPhone

I wrote a program that examines all of the recipes, and it creates a walkthrough for the complete set of recipes.

I tried to get all of the recipes in exact order, but there seems to be a bug in the program. But you can complete all of the phases if you jump around within each phase.

Note. This is “Alchemy”. This is NOT the following games:

  • Zed’s Alchemy
  • Master of Alchemy
  • Alchemy Premium

Note – I think there are only 230 elements. The 231st element in the recipe is “*”, which is a wildcard. It matches any element.

Walkthrough

Basic Elements

You start with these

  • Water
  • Soil
  • Fire
  • Air

 

Phase 1

  • Water+Fire=>Alcohol
  • Air+Soil=>Dust
  • Air+Fire=>Energy
  • Water+Water=>Lake
  • Soil+Fire=>Lava
  • Water+Air=>Steam
  • Water+Soil=>Swamp

After this, you should have 10 out of 230 elements

Phase 2

  • Fire+Dust=>Ash
  • Steam+Air=>Cloud
  • Swamp+Energy=>Life
  • Air+Lava=>Stone
  • Water+Lava=>Stone
  • Air+Energy=>Storm
  • Water+Alcohol=>Vodka
  • Alcohol+Fire=>Whiskey

After this, you should have 17 out of 230 elements

Phase 3

  • Swamp+Life=>Bacterium
  • Life+Stone=>Egg
  • Life+Fire=>Fire Golem
  • Life+Lava=>Lava Golem
  • Stone+Fire=>Metal
  • Life+Ash=>Phantom
  • Cloud+Water=>Rain
  • Air+Stone=>Sand
  • Water+Stone=>Sand
  • Water+Life=>Seaweed
  • Lava+Stone=>Volcano

After this, you should have 27 out of 230 elements

Phase 4

  • Water+Sand=>Beach
  • Air+Egg=>Bird
  • Metal+Steam=>Boiler
  • Swamp+Sand=>Clay
  • Soil+Egg=>Dinosaur
  • Fire+Egg=>Fried Egg
  • Fire+Sand=>Glass
  • Swamp+Egg=>Lizard
  • Metal+Fire=>Mercury
  • Life+Metal=>Metal Golem
  • Swamp+Seaweed=>Moss
  • Seaweed+Soil=>Mushroom
  • Bacterium+Water=>Plankton
  • Energy+Metal=>Radiowave
  • Water+Metal=>Rust
  • Sand+Storm=>Sandstorm
  • Life+Sand=>Seeds
  • Bacterium+Swamp=>Sulfur
  • Sand+Egg=>Turtle
  • Bacterium+Swamp=>Worm

After this, you should have 47 out of 230 elements

Phase 5

  • Mushroom+Life=>1up
  • Fire+Sulfur=>Acid
  • Bird+Metal=>Airplane
  • Ash+Glass=>Ashtray
  • Soil+Lizard=>Beast
  • Clay+Fire=>Brick
  • Soil+Worm=>Bug
  • Air+Worm=>Butterfly
  • Stone+Plankton=>Cockleshell
  • Seeds+Energy=>Coffee
  • Dinosaur+Fire=>Dragon
  • Swamp+Moss=>Fern
  • Bacterium+Plankton=>Fish
  • Air+Dinosaur=>Flying Dinosaur
  • Clay+Life=>Golem
  • Soil+Moss=>Grass
  • Glass+Fire=>Lamp
  • Radiowave+Fire=>Laser
  • Energy+Radiowave=>Microwave
  • Fire+Bird=>Phoenix
  • Sand+Worm=>Snake
  • Swamp+Worm=>Snake
  • Alcohol+Worm=>Tequila
  • Mercury+Glass=>Thermometer
  • Storm+Bird=>Thunderbird
  • Soil+Seeds=>Tree

After this, you should have 72 out of 230 elements

Phase 6

  • Rain+Acid=>Acid Rain
  • Glass+Fish=>Aquarium
  • Fish+Fish=>Caviar
  • Tree+Fire=>Coal
  • Fire+Bug=>Firefly
  • Fish+Swamp=>Frog
  • Golem+Life=>Human
  • Life+Beast=>Human
  • Stone+Cockleshell=>Limestone
  • Swamp+Grass=>Reed
  • Acid+Metal=>Salt
  • Bug+Sand=>Scorpion
  • Fish+Seaweed=>Sushi
  • Fire+Grass=>Tobacco
  • Tree+Life=>Walking Tree
  • Beast+Water=>Whale
  • Plankton+Fish=>Whale

After this, you should have 87 out of 230 elements

Phase 7

  • Fish+Human=>Aquaman
  • Dinosaur+Human=>Blood
  • Clay+Limestone=>Cement
  • Clay+Human=>Ceramics
  • Fire+Human=>Corpse
  • Alcohol+Human=>Drinker
  • Vodka+Human=>Drinker
  • Stone+Human=>Hut
  • Beast+Human=>Livestock
  • Coal+Water=>Oil
  • Human+Bacterium=>Patient
  • Human+Egg=>Patient
  • Metal+Coal=>Pig-iron
  • Salt+Lake=>Sea
  • Human+Human=>Sex
  • Mushroom+Human=>Shaman
  • Boiler+Coal=>Steam Engine
  • Whale+Metal=>Submarine
  • Metal+Human=>Tool

After this, you should have 104 out of 230 elements

Phase 8

  • Soil+Tool=>Arable Land
  • Human+Sex=>Baby
  • Hut+Beach=>Bungalow
  • Water+Cement=>Concrete
  • Corpse+Soil=>Grave
  • Livestock+Grass=>Manure
  • Livestock+Human=>Meat
  • Livestock+Grass=>Milk
  • Livestock+Human=>Milk
  • Sea+Sea=>Ocean
  • Tool+Reed=>Paper
  • Oil+Tool=>Petrol
  • Mushroom+Tool=>Poison
  • Snake+Tool=>Poison
  • Tool+Scorpion=>Poison
  • Human+Submarine=>Submariner
  • Blood+Human=>Vampire
  • Tool+Metal=>Weapon
  • Tree+Tool=>Wood
  • Livestock+Human=>Wool
  • Life+Corpse=>Zombie

After this, you should have 122 out of 230 elements

Phase 9

  • Human+Wool=>Ape
  • Water+Wood=>Boat
  • Concrete+Brick=>Brick house
  • Paper+Tobacco=>Cigarette
  • Tool+Wool=>Fabric
  • Meat+Fire=>Fried Meat
  • Zombie+Corpse=>Ghoul
  • Weapon+Human=>Hunter
  • Shaman+Poison=>Medicine
  • Arable Land+Seeds=>Peas
  • Wood+Life=>Pinocchio
  • Weapon+Poison=>Poison Weapon
  • Arable Land+Reed=>Rice
  • Limestone+Manure=>Saltpeter
  • Ocean+Air=>Space
  • Laser+Weapon=>Starwars
  • Baby+*=>Toy
  • Vampire+Beast=>Werewolf
  • Arable Land+Grass=>Wheat
  • Wood+Tool=>Wheel
  • Bacterium+Milk=>Yogurt

After this, you should have 143 out of 230 elements

Phase 10

  • Space+Life=>Alien
  • Wheat+Alcohol=>Beer
  • Wood+Wheel=>Cart
  • Fabric+Patient=>Clobber
  • Fabric+Human=>Clothing
  • Human+Peas=>Fart
  • Hunter+Bird=>Feather
  • Stone+Wheat=>Flour
  • Saltpeter+Sulfur=>Gunpowder
  • Human+Rice=>Japanese
  • Brick house+Lamp=>Lighthouse
  • Space+Stone=>Meteorite
  • Poison Weapon+Human=>Murderer
  • Boat+Fabric=>Sailing Boat
  • Brick house+Glass=>Skyscraper
  • Space+Lava=>Sun
  • Medicine+Medicine=>Vicodin
  • Weapon+Hunter=>Warrior
  • Wood+Boat=>Wooden ship
  • Shaman+Starwars=>Yoda

After this, you should have 163 out of 230 elements

Phase 11

  • Metal+Gunpowder=>Bomb
  • Paper+Feather=>Book
  • Clobber+Human=>Cleaner
  • Water+Flour=>Dough
  • Weapon+Gunpowder=>Fire-arms
  • Warrior+Dragon=>Hero
  • Japanese+Metal=>Katana
  • Feather+Fabric=>Pillow
  • Brick house+Beer=>Pub
  • Japanese+Tool=>Robot
  • Wooden ship+Fabric=>Sailing Vessel
  • Japanese+Weapon=>Samurai
  • Clothing+Brick house=>Shop
  • Steam Engine+Cart=>Steam Locomotive
  • Wooden ship+Steam Engine=>Steamship
  • Beast+Cart=>Team
  • Wooden ship+Weapon=>Warship
  • Warrior+Warrior=>War

After this, you should have 181 out of 230 elements

Phase 12

  • Fire+Dough=>Bread
  • Laser+Book=>CD
  • Hero+Sailing Vessel=>Columbus
  • Human+Book=>Doctor
  • Hero+Fire=>Firefighter
  • Book+Sex=>Kamasutra
  • Japanese+Book=>Manga
  • Samurai+Poison Weapon=>Ninja
  • Murderer+Sailing Vessel=>Pirate
  • Fire-arms+Murderer=>Sniper
  • Bomb+Murderer=>Terrorist

After this, you should have 192 out of 230 elements

Phase 13

  • Brick house+Doctor=>Hospital
  • Doctor+Vicodin=>HouseMD
  • Doctor+Book=>Scientist
  • Columbus+Ocean=>USA

After this, you should have 196 out of 230 elements

Phase 14

  • Scientist+Livestock=>Clone
  • Scientist+Energy=>Electricity
  • USA+Skyscraper=>NewYork
  • Scientist+Bomb=>Nuclearbomb
  • Scientist+Grass=>Philosopher

After this, you should have 201 out of 230 elements

Phase 15

  • Metal+Electricity=>Aluminium
  • Electricity+Glass=>Bulb
  • Hero+NewYork=>Cop
  • Philosopher+Stone=>Elixir
  • Nuclearbomb+*=>Radiation

After this, you should have 206 out of 230 elements

Phase 16

  • Radiation+Bug=>Cockroach
  • Cop+Scientist=>FBI
  • Elixir+*=>Gold
  • Bird+Aluminium=>Plane
  • Radiowave+Bulb=>TV

After this, you should have 211 out of 230 elements

Phase 17

  • Plane+Bomb=>Bomber
  • TV+Book=>Computer
  • Gold+Paper=>Money
  • Plane+Human=>Pilot
  • Plane+Gunpowder=>Rocket
  • FBI+Alien=>X-Files

After this, you should have 217 out of 230 elements

Phase 18

  • Computer+Life=>AI
  • Money+Brick house=>Bank
  • Money+Human=>Business
  • Radiowave+Computer=>Cellphone
  • Computer+Human=>Cyborg
  • Computer+Sex=>Developer
  • Computer+Computer=>Internet
  • Clobber+Pilot=>Skydiver
  • Boat+Rocket=>Speedboat
  • Rocket+Water=>Torpedo
  • Alien+Rocket=>UFO

After this, you should have 228 out of 230 elements

Phase 19

  • Internet+Pirate=>Hacker
  • Cyborg+Mercury=>T-1000

After this, you should have 230 out of 230 elements

 


How should I secure My Computer? (Advanced)

This is still a work in process.

 

Keep all of your software up to date.

I use Secunia Personal Software Inspector (PSI). This is free for home, non-commercial use.

Another tool you can use is filehippo .

Modify your system to do security updates frequently.

Get a hardware-based firewall.

Get a hardware-based firewall between you and the Internet. Your cable modem doesn’t count. The “Firewall” on your computer does not count. Make sure you change the default password.

1. Install a hardware-based firewall. If you have a high-speed connection (i.e. not using a telephone dialup line) you should get a dedicated firewall router. If your vendor has provided you with one

OpenDNS

 

Advanced tools

http://blogs.technet.com/b/yuridiogenes/archive/2011/05/25/identifying-unexpected-activity-using-sysinternals-tools.aspx

Install TCPView

 

Install Process Monitor

http://technet.microsoft.com/en-us/sysinternals/bb896645

 

Microsoft has a new security scanner that augments their virus detection software

http://www.microsoft.com/security/scanner/en-us/default.aspx

A good write-up on this is here

http://andrewtechhelp.com/tech-news/windowsoffice-news/120-microsoft-safety-scanner

 

Microsoft has a package that will remove rootkits

They have a bootable disk image you can use to remove spyware

http://connect.microsoft.com/systemsweeper

Malware Removal Guide

http://www.selectrealsecurity.com/malware-removal-guide

Firefox Plugins

NSA has some suggestions

http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

 

The FCC has Ten Cybersecurity tips for small businesses


Adding the ARDX.ORG source code to your Arduino Example folder

I purchased the ARDX kit from Lady Ada, and I wanted to experiment with all of the source code from the ARDX web site. However typing in the link and copying the source code didn’t automatically add it as an example. Instead I had to re-save it as a sketch. So instead, I wrote a shell script called ARDX.sh

 

This does several things.

  1. It downloads all of the sketches.
  2. It creates a directory to store all of the sketches
  3. It creates a directory for each one of the sketches.
  4. It renames the source code into a *.pde file
  5. It moves the *.pde file into the proper sketch  folder
  6. It removes all files created during the process that are no longer needed.

To use the script, simply type

./ARDX.sh
# This creates a folder called "Ardx"
mv Ardx .../arduino-0022/examples/.

Here is the script. Note how I used the $debug variable. This let me select if I wanted to show the commands or execute the commands.

#!/bin/sh
# Remove the '#' at the beginning of the next line to debug this script
#debug=echo
if [ ! -d Ardx ]
then
    mkdir Ardx
fi
cd Ardx
Examples="01 02 03 04 05 06 07 08 09 10 11 12A 13A"
for i in $Examples
do

    $debug wget -r http://ardx.org/CODE$i
done

$debug wget -r http://www.ardx.org/src/circ/CIRC12-code-ADAF.txt
$debug wget -r http://www.ardx.org/src/circ/CIRC13-code-ADAF.txt

# Now create a directory for each of the examples
Examples="01 02 03 04 05 06 07 08 09 10 11"
for i in $Examples
do
    if [ ! -f ardx.org/src/circ/CIRC$i-code.txt ]
    then
        echo unable to find file ardx.org/src/circ/CIRC$i-code.txt
    else
        $debug mkdir CIRC$i
        $debug mv ardx.org/src/circ/CIRC$i-code.txt CIRC$i/CIRC$i.pde
    fi
done
# Now remove the old files in 

$debug mkdir CIRC12A
$debug mv www.ardx.org/src/circ/CIRC12-code-ADAF.txt CIRC12A/CIRC12A.pde
$debug mkdir CIRC13A
$debug mv www.ardx.org/src/circ/CIRC13-code-ADAF.txt CIRC13A/CIRC13A.pde

$debug /bin/rm -r ardx.org www.ardx.org

Restart your Arduino session, and when you look in examples, you will see a new folder called Ardx. Inside is a sketch for each of the examples.

 

 


DigiNotar

Here is a summary of the DigiNotar hack that has been in the news.

DigiNotar is a Dutch Certificate Authority (CA).  They provide a root certificate installed in your IE, Firefox, Safari or Chrome web browser. They are one of several hundred Certificate Authorities.

First of all, someone noticed that someone was able to create an unauthorized Google certificate. The certificate was for “*.google.com” and allowed anyone using it to perform a Man-in-the-Middle (MITM) attack. Essentially, someone could intercept any secure traffic to and from Google (Gmail, etc.) It was spotted by someone in Iran. The Google certificate was signed by DigiNotar, which was unusual, as Google uses a different CA. This sort of activity would be noticed if you had installed a browser add-on like Firefox’s Certificate Patrol.

This created quite a bit of news, similar to the Comodo Hack.  According to the Associated Press, “DigiNotar acknowledged it had been hacked in July, though it didn’t disclose it at the time. It insisted as late as Tuesday that its certificates for government sites had not been compromised.” And “But Donner said a review by an external security company had found DigiNotar’s government certificates were in fact compromised, and the government is now taking control of the company’s operations. The government also is trying to shift over to other companies that act as digital notaries, he said.”

It was then revealed that there were 531 forged certificates created, targeting CIA, Yahoo, Twitter, Facebook, WordPress, Microsoft Live, torproject, Mozilla, Skype, and others.

 

The root certificate to DigiNotar was revoked by Microsoft, Google (Chrome), and Mozilla (Firefox). Firefox was updated to 6.0.2 to address this.

It turns out that someone who calls themselves the ComodoHacker claims to have hacked Comodo and DigiNotar. The hacker has bragged about his intentions in his Pastebin account. Some of his comments

  • He is an independent hacker, and not part of an Iranian Cyber Army
  • He is a hacktivist – he hacks for his own reasons
  • He hacked DigiNotar because of their involvement in the Srebrenica genocide 16 years ago.
  • He’s protesting “US and Israel’s involvement in Stuxnet”
  • He’s protesting HBGary’s CEO for spreading malware in the Middle East, and that the FBI did not “see/find/detect/catch” this.
  • He has hacked 4 other CA’s and names one: GlobalSign. In response GlobalSign stopped issuing certificates
  • He claims he has hacked Microsoft’s update process. For proof, he has created a modified version of calc.exe that is “signed by Microsoft.”

There is a discussion if this person is really him. We shall see.

Expect more news. Many security experts have stated that the entire Certificate Structure infrastructure is broken.  Having 100+ Certificate Authorities – all trusted equally, is just a bad idea. This is the opposite of Defense in Depth, where you need multiple failures to compromise a system. If any CA fails, the entire system fails. Let’s compare the two approaches mathematically.

Suppose you had a system where each certificate was signed by two certificate authorities. For the sake of simplification, let’s assign a probability of a certificate compromise to be 1%. Perhaps it should be 0.1%, but we can look at that later.

In the case of two CA’s signing each certificate, the probability of a certificate compromise is (CA1)*(CA2), or in this case (1%*1%) or 0.01%.

Compare this to the case where you have ten CA’s, and if ANY are compromised, any certificate may be suspect.

To calculate the probability of a certificate compromise with multiple equivalent CA’s, you need the formula

1-(1-CA1)*(1-CA2)*(1-CA3)*(1-CA4)*(1-CA5)*(1-CA6)*(1-CA7)*(1-CA8)…*(1-CAN)

If there are 10 CA’s, and each has a probability of 1% failure, then the probability of a failure if any are compromised is

1-(99%*99%*99%*99%*99%*99%*99%*99%*99%*99%),

which is

1-0.99^10  => 1-0.90438 or about 10%

If you had a hundred CA’s, then the chance of a failure is 1-0.99^100 or 1-0.3660 or 63%!

Suppose you change the percentage to 0.1% per CA. 0.999^100 is 90.4%, so the chance of any single certificate being compromised is 10%.

If you assume it is 0.01% per individual CA, the probability becomes 1%.
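The comparison above, worked as an added example (not code from the original post). It keeps the post's assumption that CAs fail independently, and generalises to unequal per-CA probabilities and to a rule requiring k signatures out of n trusted CAs; the function names are this example's own.

```python
def compromise_distribution(probs):
    """Return dist where dist[j] = P(exactly j of the CAs are compromised).

    probs holds one independent compromise probability per CA. The post
    uses the same value for every CA; unequal values are allowed here.
    """
    dist = [1.0]                      # with zero CAs, zero are compromised
    for p in probs:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"not a probability: {p!r}")
        nxt = [0.0] * (len(dist) + 1)
        for j, q in enumerate(dist):
            nxt[j] += q * (1.0 - p)   # this CA stays clean
            nxt[j + 1] += q * p       # this CA is compromised
        dist = nxt
    return dist


def forgery_probability(probs, signatures_required=1):
    """P(an attacker controls at least `signatures_required` of the CAs).

    signatures_required=1 is the browser model: any single trusted CA
    can vouch for any site, so one compromise is enough.
    """
    if not 1 <= signatures_required <= len(probs):
        raise ValueError("signatures_required must be between 1 and len(probs)")
    return sum(compromise_distribution(probs)[signatures_required:])


def report():
    """Evaluate the post's scenarios plus two variations."""
    scenarios = [
        ("2 CAs, both must sign",                  [0.01] * 2,           2),
        ("10 CAs, any one suffices",               [0.01] * 10,          1),
        ("100 CAs, any one suffices",              [0.01] * 100,         1),
        ("100 CAs, any two must sign",             [0.01] * 100,         2),
        ("99 CAs at 1% + one at 20%, any one",     [0.01] * 99 + [0.20], 1),
    ]
    return [(label, forgery_probability(probs, k)) for label, probs, k in scenarios]


if __name__ == "__main__":
    for label, p in report():
        print(f"{label:40s} {p:9.4%}")
```

The last scenario shows the weakest-link effect: under the any-one-suffices model, a single poorly run CA raises the risk for every certificate, no matter which CA actually issued it.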

In any case, the proliferation of CA’s in the browser has seriously broken Internet Security. This is why people and teams like CMU and Moxie Marlinspike are offering suggestions.

 


How should I secure my Computer?

Several of my non-geeky friends have asked for advice on how to make sure their computer is secure. I decided to write a series of tutorials, written to different levels:

  • Beginners – something simple for people who don’t feel comfortable with computers.
  • Advanced - Someone with years of experience. See My Advanced Guide
  • Expert – someone who goes to extreme levels of protection

This post is the tutorial for beginners. Check the Advanced guide if you want more protection with more work.

1. Make sure your operating system is up to date and all of the security patches are applied.

This is the most important thing you can do. Check your computer, and make sure your system is installing patches regularly. Frankly, if you are using Windows XP, you should use Windows 7 instead. Windows 7 has several advanced protection mechanisms XP does not have.

Windows 7

Click on the Windows Icon in the lower left corner, and type Action Center. Then click on Windows Update. Make sure your computer is up to date. If not, check your settings. Remember that if you shut down your computer every night, it might not be getting the updates automatically.

2. Install an anti-virus package

Install an Anti-virus package. If you really want to, install a commercial one. However, Microsoft’s Anti-virus package – Security Essentials – is free, works well, and doesn’t get in your way. Note that Microsoft monitors what computers get infected with, and they keep their anti-virus packages up to date.

3. Check your Computer Security Status

This will verify you have the system set up correctly.

Windows 7 Tips

Go to the Windows Icon, click the mouse and type “Check Security Status”. The following items should be “On” or “OK.”

  • Network Firewall (Windows Defender) – If you install Microsoft Security Essentials, Windows Defender will not turn on. That’s okay. MSE replaces Windows Defender.
  • Windows Update
  • Virus Protection
  • Spyware and Unwanted software protection
  • Internet Security Settings
  • User Account Control

 

4. Keep your software up to date

Certain software needs to be up to date to protect your computer.

Your Browser

This is the most important package, as hackers will generate code that can break right through your browser, and gain access to your computer. Check to see if your browser, whether Firefox, Internet Explorer, or Safari, is up to date.

Acrobat Reader

The second biggest target on your computer is Adobe Acrobat. Hackers try to trick you into opening PDF files, which can install malware on your computer.

Java

If you have Java installed on your computer, make sure it’s up to date. Sun/Oracle have a program that will check to see if your copy of Java is up to date. Make sure that when you install it, you don’t install extra software that Oracle is paid to promote.

iTunes/QuickTime

iTunes has an auto-update feature. It checks if you are out of date. That’s good. It also asks you to install Safari and a Mobile Media package, which I don’t like to install because I don’t need it.

Microsoft Office

Microsoft Office files have been used to hack into computers. Opening a Word or Excel document can compromise a computer if you are not up to date.

 

4. Make sure your browser’s plug-ins are up-to-date

Go to Mozilla’s plug-in checker. This is fast and free. It tells you if your copy of Acrobat Reader or Java is out of date. It will also check Flash, Silverlight, etc.

The second way to do this is to use the Qualys plugin checker. This requires you to install a plug-in, but it checks for things that Mozilla’s web page can not check. There is a Javascript check they offer, instead.


5. Brian Krebs gives us three rules for remaining safe:

Brian Krebs is a very smart blogger, and I love how his rules are simple yet effective.

  • If you didn’t go looking for it, don’t install it!
  • If you installed it, update it.
  • If you no longer need it, remove it.

If your operating system has a pop-up at the bottom of your screen, it is part of the operating system. If it appears when you go to a web page, it’s not from your computer. It’s from the external site – Don’t trust it! It could be a lie.

He also adds: Don’t download illegal software.

6. Get a hardware-based firewall.

This is part of the Advanced step, but I want to mention it here. Get a hardware-based firewall between you and the Internet. Your cable modem doesn’t count. The “Firewall” on your computer doesn’t count. You should get a separate box between your computers and the hardware your ISP provides. This box should be configured to do NAT (Network Address Translation). Some also provide Wireless access.

Make sure you change the default password.

Make sure you keep the firmware up to date.

If it provides Wireless Access, turn on encryption.

Don’t use WEP encryption. WPA is also vulnerable in some cases. Use WPA2 if you can.

 7. Check your system using ShieldsUp

Go to Steve Gibson’s Web Site and go to the Services => ShieldsUp! page.

Click on Service Ports to have his machine probe your machine for open ports.

Don’t be concerned if you get a blue (closed) Icon. However, if any of the ports show up red, then be concerned. You may have something running on your firewall that allows someone to gain access to your computer.

 

 


Building a lockpick training station

I wanted a setup that would let me practice my Lockpicking skills.

First of all, you need some parts

  • Practice Locks. For the first one I used KIK (Key-in-Knob) locks. Schuyler Towne sells them (soon to be available to the public).
  • Nice piece of wood for the Practice
  • 1/4×20 Threaded Brass Inserts From Rockler,  or from LeeValley. For a larger list, check here. You can also use steel inserts, which are cheaper.
  • Decorative Solid Brass Knurled Knobs from Rockler or from LeeValley You could use simple thumbscrews, which again are cheaper.
  • Drill bits for the Threaded Insert. The size depends upon your wood, and your inserts. The brass inserts from Rockler says to use a 3/8″ for softwood, and 13/32″ for hardwood.
  • Two (2) 1/4″x20 hex bolts. It is important that at least one of these is threaded all the way up to the top.
  • 2 or 3 nuts to match the above bolts.
  • A desktop drill press if you have one.
  • A drill press vise is also useful.
  • A small hand saw to cut the slots in the wood
  • 5/8″ Forstner drill bit (to drill the hole for the KIK cylinder)
  • A wrench for the 1/4″x20 hex bolt.
  • A combination square is useful for the layout
  • Wood. The piece I used was 1″x1 3/4″x(depends on the number of locks)
  • A 1/4×20 insert driver like this may make things easier.

These measurements were for a Schlage KIK lock. Remember the #1 rule for woodworking:

Measure twice. Cut once.

Laying out the holes

The Schlage Cylinder is 5/8″ with the pins extending up 3/8″. The brass knurled knobs are 1″ long. They need to extend into the hole to grab the cylinder, so the following are the key measurements:

  • 3/8″ for the pin slot or less
  • 5/8″ for the cylinder
  • 7/8″ for the brass knob threads, leaving 1/8″ to extend into the cylinder.

To help with the orientation, the slot for the pins  is on top, and the knurled knob is on the bottom.

Therefore the wood must be  3/8″ + 5/8″ + 7/8″ or 15/8″, which is 1  7/8″  or less. I used 1 3/4″

The center of the 5/8″ hole is halfway – or 5/16. Therefore measuring from the top it’s 3/8″ + 5/16″ = 11/16″

Measuring from the bottom, it’s 7/8″ + 5/16″, or 19/16″. Mark the spot with a nail, or an awl.

Lay out the circles on the wood, and drill the 5/8″ hole. From the bottom, drill a hole from the center of the 1″ wide wood using the 3/8″ bit (or 13/32″ for hardwood). You may want to drill a recess first that is wide enough to fit the base of the brass bolt neatly into the wood. After drilling this, drill the 3/8″ hole, which must go all the way to intersect the 5/8″ hole. This hole fits the outer diameter of the threaded insert. The recess hole should be shallow (only 1/4″ deep).

Using the lock as a guide, mark the slots for the cylinder. Better to cut too narrow than too wide, as you can make the slot wider later. At this point, the lock should fit into the hole.

Repeat this for each lock. Well, it’s better to measure all of the 5/8″ centers at once. If you screw up, cut the end off, and try again. Notice I did not say what the length of the wood is. That depends on your mistakes and the number of lo

You may want to sand the wood at this time.

Next step -Brass inserts.

The next step is to install the brass inserts. Even though there is a slot into which you can insert a screwdriver, this does not work with hardwoods. Also, the insert might go in crooked. There’s a special trick to installing them.

Put the insert into the wood (at the bottom of the piece), and insert a 1/4″x20 hex bolt into this insert. This bolt MUST BE THREADED ALL THE WAY to the top. If there is an unthreaded shaft, when this shaft reaches the insert, it will split the insert.

Hold the wood vertical with the drill press vise. Place it under your drill press. Now take another 1/4″x20 bolt, turn it upside down, and place the head on top of the head of the bolt in the insert. Put 2 or 3 nuts onto this bolt, and use these nuts to grip the bolt in the drill press. Essentially, this makes sure you are 100% perpendicular.

Now use the adjustable wrench and grip both bolt heads. Turn the bolt heads so that the insert is forced into the wood. By using two bolts, and turning both simultaneously, you make sure the threads go in perfectly straight.

Stop when the threaded insert is flush with the wood surface.

If you use steel, then things are easier because steel is stronger. But I like the looks of brass.

At this point, you repeat this step for each of the locks. If the threaded insert sticks up a little, you can use a file to remove the excess brass.

The results look like this

 


Security News July 2011

  • Contents
  • Security News July 2011.
  • Chinese Army Developed Online Wargame:
  • Take a bow everybody, the security industry really failed this time.
  • Another use of a Teensy as a HID device to hack into a company.
  • Another Teensy-like device, from AdaFruit/Lady Ada.
  • A commentary on Siemens Summit for End Users.
  • INCORPORATING CYBER SECURITY INTO THE EXECUTION METHODOLOGY OF AUTOMATION PROJECTS.
  • Microsoft follows Google in pulling plug on its home-energy service.
  • Verizon: RSA Hackers Using Trojans, Keyloggers In Second Wave Attacks.
  • MasterCard DDoSed.
  • Google Labs vulnerable to SQL Injection.
  • Lockheed Promises Electric-Grid Security.
  • Hacked Fox News Twitter account claimed Obama had been assassinated.
  • Hackers target Apple server
  • DOE Networks under Siege – Labs Report Sophisticated Breaches.
  • Microsoft releases Security Essentials 2.1.
  • Some of Stuxnet source code available.
  • Some of Spaf’s early ideas on defense, which are still valid and unusual today.
  • US Military researching secure chips.
  • Symantec’s 2010 Annual Study: U.S. Cost of a Data Breach (March 2011)
  • Microsoft says it is pushing cyber attacks on to the user
  • Google dumps all 11+ million .co.cc sites from its results.
  • National Board of Information Security Examiners.
  • Updated July 8th.
  • New BIND Release Fixes High-Severity Remote Bugs.
  • Cyber Security and US-China Relations.
  • What’s Worse, Incompetence or Deception?.
  • Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)
  • Email: Washington Post Jobs Hacked.
  • 10 Largest hacker attacks.
  • Siemens – Implementing a Network Behavior-based Intrusion Detection System for Control System Networks.
  • Five Steps To Help Repel The ‘Lulz’
  • Anonymous vows revenge after 15 arrested; AntiSec hacks continue.
  • Phone hacking probe: Ex-News of the World editor Coulson arrested.
  • Hacker Exposes Florida’s Voting Database — Again.
  • Apple fixes bugs used by the new Jailbreakme executable.
  • Universal Music passwords exposed by Anonymous hack.
  • Colorado agency loses medical aid applicants’ data.
  • Massive botnet ‘indestructible,’ say researchers.
  • Throwing in the Towel: The Sorry State of Client Security.

Updated July 13th.

  • Google: Business version of Google+ is coming.
  • Politics: Backdoors in hardware?.
  • Politics: Threat of destructive coding on foreign-manufactured technology is real
  • Politics: It’s China’s turn to wrestle with a pile of bad debt
  • Politics:  Smart grid cybersecurity standards potentially subject to conflict of interest
  • Hackers: Anonymous, LulzSec and the Trouble with Hacktivism..
  • Opinion: Is high security backfiring in U.S.?.
  • Breach: David Beckham’s website defaced by hackers.
  • Hackers: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.
  • Alert: DroidDream Again Appears in Android Market Apps.
  • Research: Information flow can reveal dirty deeds.
  • Vulnerability: Java vulnerability demonstrates file planting.
  • Research: “Transparent” photonics chip may lead to faster networks and cloaks of invisibility.
  • Operations: Operational cybersecurity in shared HPC environments.
  • Alert: Microsoft Fixes Scary Bluetooth Flaw, 21 Others.
  • Alert: More on the bluetooth vulnerability.
  • Breach: Kiplinger Reveals Breach Of 142,000 Customer Accounts.
  • CyberSecurity: Elster REX2 Smart Meter Teardown.
  • Research: Mitigating Software Vulnerabilities – Microsoft
  • Alert: Putty 0.61 released.
  • Hackers: CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability.
  • Hackers: Cross Site Scripting Video Tutorial
  • Hackers: Video on cracking PEAP.
  • Hackers: A summary of PDF tricks, either based on data encodings, javascript, or PDF structure.
  • Hackers: New version of the Bus Pirate available.
  • Fun: Cryptex-based secure flash drive.
  • Hackers: List of default passwords/backdoors in BIOS.
  • Updated July 19th:
  • Politics: U.S., Russia Forge Cybersecurity Pact
  • Breach:  Voda femtocells open phones up to intercept
  • Breach:  Vodafone Hacked – Root Password published.
  • Breach: Anonymous attacks agri-giant Monsanto, leaking information on 2,500 employees.
  • Breach:  Monsanto responds to cyber attack.
  • Technology: IT, security can’t keep up as consumer device use grows.
  • Breach: New Report Finds U.S. Hosting Providers Infested With Malware, Botnets.
  • Hack: Teensy/PDF Dropper
  • Hack: And Blocking/Detecting Teensy/PDF Dropper
  • Fun:Programming Monsters (Cartoon monsters representing programming errors)
  • Hack: Live CD for RFID Hacking.
  • Breach: Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy.
  • Politics: Pentagon’s new cyber strategy.
  • Hack: How to buy friends and deceive ppl: how the freelance market has created a testbed for emerging cybercrime activities.
  • Hack: Zeus for Android and fake Kaspersky Antivirus 2011.
  • Hack: Blackhat Preview Webcast
  • Visualization:The Tale of Two Visualizations – a TED Talk by the head of F-Secure.
  • Breach:  24,000 files were swiped from a US defense contractor
  • Security: Hotmail banning common passwords.
  • Hack: Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework.
  • Technology: Introducing BrowserID: A better way to sign in.
  • Technology: How BrowserID differs from OpenID.
  • Tool: DRAFT Web Application Security Working Group Charter
  • Hack: Widespread site compromise leading to Zeus.
  • Technology: Oracle to Fix 78 Bugs in July Patch Update.
  • Politics: U.S. House Committee Questions Ability to Secure Wall Street Data.
  • Breach: 4000 Websites hacked by The 077 ( HamDi HaCker )
  • Anti-Tamper: An interesting blog on physical chip security by Christopher Tarnovsky.
  • Politics: US military learning cybersecurity lessons from businesses.
  • Crime: More Than 100 Arrested in Fake Internet Sales.
  • Research:  Http Parameter Contamination (HPC) Attack / Research Paper
  • Politics: US forced to redesign secret weapon after cyber breach.
  • Technology: A list of documented incident response methodologies from CERT Society Generale.
  • Breach: US Cyber Attackers Hack Lady Gaga’s Website; Call Her Homophobic.
  • Tools: List of Chrome Extensions for Security Professionals.
  • Tools: Snort docs by platform – updated with Amazon EC2.
  • Politics: Whizz kids deserting the spy world as threat of attacks increases.
  • Hack: AVR Cheat Sheet
  • Tool: New Sguil HTTPRY Agent
  • Technology: Cisco Network Emergency Response Vehicle:
  • Politics: China’s QR Code Bullet Train Tickets Spill Your Personal Info.
  • Tools: Kernel Level exploitation book.
  • Breach: Toshiba admits 7500 customer accounts pillaged.
  • Breach: Ship to Gaza hit by cyber attack.
  • Breach: The Sun gets hacked by LulzSec.
  • Politics: Attacks on military targets are tightly focused.
  • Technology: SCADA Vendors Issue Patches; Users Don’t Apply Them..
  • Technology: Single Keystroke Nearly Self-Destructs Unmanned Navy Copter

 

 

Security News July 2011

Chinese Army Developed Online Wargame:

http://www.schneier.com/blog/archives/2011/06/chinese_army_de.html

 

Take a bow everybody, the security industry really failed this time

http://erratasec.blogspot.com/2011/06/take-bow-everybody-security-industry.html

Lessons to learn:

  • Putting your security in the hands of tools will fail you every time.
  • If you exclude anything from vulnerability testing you will fail.
  • Security is the first business I have seen where the customer is not always right.

Another use of a Teensy as a HID device to hack into a company

http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/

Another Teensy-like device, from AdaFruit/Lady Ada

http://www.ladyada.net/wiki/products/atmega32u4breakout/index.html?s[]=teensy

A commentary on Siemens Summit for End Users

http://www.isssource.com/summit-for-end-users-security-101/

INCORPORATING CYBER SECURITY INTO THE EXECUTION METHODOLOGY OF AUTOMATION PROJECTS

http://scadahacker.com/files/presentations/Project%20Execution%20and%20Control%20Systems%20Security%20%28paper%29%20-%20ISA%20POW10-P010%20-%20Langill.pdf

Microsoft follows Google in pulling plug on its home-energy service

http://www.zdnet.com/blog/microsoft/microsoft-follows-google-in-pulling-plug-on-its-home-energy-service/9892

Verizon: RSA Hackers Using Trojans, Keyloggers In Second Wave Attacks

http://threatpost.com/en_us/blogs/verizon-rsa-hackers-using-trojans-keyloggers-second-wave-attacks-063011

MasterCard DDoSed

http://www.thehackernews.com/2011/06/mastercard-again-down-by-ddos-attack-in.html

Google Labs vulnerable to SQL Injection

http://www.thehackernews.com/2011/06/sql-injection-vulnerability-in-google.html

Includes step-by-step instructions using havij tool

 

Lockheed Promises Electric-Grid Security

http://www.bloomberg.com/news/2011-06-30/lockheed-promises-electric-grid-security-for-1-3-billion-market.html

Hacked Fox News Twitter account claimed Obama had been assassinated

http://venturebeat.com/2011/07/04/hacked-fox-news-twitter-account-claimed-obama-had-been-assassinated/

The hacking group Script Kiddies, which purportedly desires to work with Anonymous, claimed responsibility for the hack to Stony Brook University’s Think Magazine. “We are looking to find information about corporations to assist with antisec,” a Script Kiddies representative told Think Magazine. “Fox News was selected because we figured their security would be just as much of a joke as their reporting.”

Hackers target Apple server

http://news.cnet.com/8301-1009_3-20076688-83/hackers-target-apple-server/

The find, posted via the AntiSec hacking campaign, appears to be a warning that Apple “could be a target too.”

DOE Networks under Siege – Labs Report Sophisticated Breaches

http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/DOE-Networks-Under-Siege-Labs-Report-Sophisticated-Breaches/ba-p/4811911

Microsoft releases Security Essentials 2.1

http://www.h-online.com/security/news/item/Microsoft-releases-Security-Essentials-2-1-1272446.html

Some of Stuxnet source code available

http://www.pentestit.com/2011/07/04/stuxnet-source-code-online/

Some of Spaf’s early ideas on defense, which are still valid and unusual today.

http://www.cerias.purdue.edu/site/blog/post/more_than_passive_defense/

Rule #1 – Everything was built on a decoy system. Interesting for insider threat considerations.

US Military researching secure chips

http://arstechnica.com/tech-policy/news/2011/06/spies-military-looking-for-hacker–backdoor-proof-circuits.ars

Because of the massive number of counterfeit chips, IARPA is interested in chip obfuscation and split-manufacturing.

Symantec’s 2010 Annual Study: U.S. Cost of a Data Breach (March 2011)

http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf

Microsoft says it is pushing cyber attacks on to the user

http://www.computing.co.uk/ctg/news/2084120/microsoft-pushing-cyber-attacks-user

“The easiest way to infect a computer is to ask the user to do it,” said Haber.

Google dumps all 11+ million .co.cc sites from its results

http://www.theregister.co.uk/2011/07/06/google_cans_11m_dot_co_dot_cc_sites/

*.co.cc sold cheap domains. Therefore…

“According to a recent report  from the Anti-Phishing Working Group, the .cc top-level domain hosted 4,963 phishing attacks in the second half of 2010, almost twice the number found under any other extension.”

Google blocked that subdomain. Now Phishers are using *.co.tv  http://blog.sucuri.net/2011/07/google-blocks-co-cc-attackers-are-now-using-co-tv.html

National Board of Information Security Examiners

https://www.nbise.org/our-work

 

Updated July 8th

New BIND Release Fixes High-Severity Remote Bugs

http://threatpost.com/en_us/blogs/new-bind-release-fixes-high-severity-remote-bugs-070611

The high-severity vulnerability in many versions of the BIND software has the effect of causing the BIND server to exit when it receives a specially formatted packet. The ISC said that although it isn’t aware of any public exploits for the bug, it still recommends that organizations upgrade to one of the newer versions of BIND, which include 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.

Cyber Security and US-China Relations

http://www.chinausfocus.com/peace-security/cyber-security-and-us-china-relations/

What’s Worse, Incompetence or Deception?

http://www.digitalbond.com/2011/07/06/whats-worse-incompetence-or-deception/

Security researcher Dillon Beresford talks about Siemens, and their lack of being straightforward regarding responsible disclosure. I think he’s building up to a Blackhat Frenzy (when he’s going to reveal the hack).

Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)

http://www.tofinosecurity.com/blog/siemens-cyber-security-report-card-part-1-2-plus-presentation

Email: Washington Post Jobs Hacked

http://www.wusa9.com/news/article/157575/187/Email-Washington-Post-Jobs-Hacked

10 Largest hacker attacks

http://powerwall.msnbc.msn.com/politics/10-largest-hacker-attacks-10396.gallery

Not this year. Largest ever. Fancy pictures. Little content.

Siemens – Implementing a Network Behavior-based Intrusion Detection System for Control System Networks

http://scadahacker.com/nba-ids-video.html

Video of presentation is  included in the link and is worth watching.

It is a very interesting example of using real tools (snort, etc.) to make a set of snort rules for normal traffic, and then, with tweaking, modify the results to detect abnormal traffic.

If you want to do IDS of an ICS system, this is a great start, and it can be applied to any small network.

And it would have detected Stuxnet, says the presenter. Nice intro to clever snort (or snort rule) thinking, as some IDS systems are snort compatible (e.g. Bro, suricata).
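One way to apply the baseline idea described above, as an added example that is not taken from the presentation or the original post: learn which clients normally talk to each service, then emit Snort rules that alert on any other client. The addresses and flows are constructed sample data, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed baseline: (proto, client_ip, server_ip, server_port) flows
# observed during a known-good capture of a small control network.
BASELINE = [
    ("tcp", "10.0.0.5", "10.0.0.10", 502),   # HMI -> PLC, Modbus/TCP
    ("tcp", "10.0.0.6", "10.0.0.10", 502),   # engineering station -> PLC
    ("tcp", "10.0.0.5", "10.0.0.20", 102),   # HMI -> PLC, ISO-TSAP (S7)
    ("udp", "10.0.0.5", "10.0.0.1", 123),    # HMI -> NTP server
]


def learn(flows):
    """Map each observed service (proto, server, port) to its set of clients."""
    services = defaultdict(set)
    for proto, client, server, port in flows:
        services[(proto, server, port)].add(client)
    return dict(services)


def to_snort_rules(services, first_sid=1000001):
    """One alert rule per known service: fire when the source address is
    NOT in the list of clients seen in the baseline.

    These rules only cover services that appear in the baseline; traffic to
    a service never seen before is caught by classify() below, not by them.
    """
    rules = []
    for sid, (key, clients) in enumerate(sorted(services.items()), first_sid):
        proto, server, port = key
        allowed = ",".join(sorted(clients))
        rules.append(
            f"alert {proto} ![{allowed}] any -> {server} {port} "
            f'(msg:"Unexpected client for {server}:{port}/{proto}"; '
            f"sid:{sid}; rev:1;)"
        )
    return rules


def classify(services, flow):
    """Offline check of one flow against the learned baseline."""
    proto, client, server, port = flow
    clients = services.get((proto, server, port))
    if clients is None:
        return "unknown-service"      # nobody talked to this port before
    if client not in clients:
        return "unknown-client"       # known service, new talker
    return "normal"


if __name__ == "__main__":
    model = learn(BASELINE)
    print("\n".join(to_snort_rules(model)))
    # Constructed test traffic: a laptop that was never part of the baseline.
    for flow in [("tcp", "10.0.0.5", "10.0.0.10", 502),
                 ("tcp", "10.0.0.99", "10.0.0.10", 502),
                 ("tcp", "10.0.0.5", "10.0.0.10", 23)]:
        print(flow, "->", classify(model, flow))
```

On a small, static network the baseline stays short, which is why the approach suits control-system networks: almost any new talker is worth a look.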

 

Five Steps To Help Repel The ‘Lulz’

http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231001172/five-steps-to-help-repel-the-lulz.html

Anonymous vows revenge after 15 arrested; AntiSec hacks continue

http://arstechnica.com/security/news/2011/07/anonymous-vows-revenge-after-15-arrested-in-italy-antisec-hacks-continue.ars

Phone hacking probe: Ex-News of the World editor Coulson arrested

http://www.bbc.co.uk/news/uk-14077405

Hacker Exposes Florida’s Voting Database — Again

http://yro.slashdot.org/story/11/07/08/0435222/Hacker-Exposes-Floridas-Voting-Database-mdash-Again

Apple fixes bugs used by the new Jailbreakme executable

http://www.networkworld.com/news/2011/070711-apple-developing-fixes-for-dangerous.html

Universal Music passwords exposed by Anonymous hack

http://www.theregister.co.uk/2011/07/07/universal_music_password_exposure/

Colorado agency loses medical aid applicants’ data

http://www.scmagazineus.com/colorado-agency-loses-medical-aid-applicants-data/article/206945/

Massive botnet ‘indestructible,’ say researchers

http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

Others agree.

Throwing in the Towel: The Sorry State of Client Security

https://www.infosecisland.com/blogview/15034-Throwing-in-the-Towel-The-Sorry-State-of-Client-Security.html

Interesting essay on the latest hacking tools and botnet compromises.

Updated July 13th

Google: Business version of Google+ is coming

http://www.computerworld.com/s/article/9218267/Google_Business_version_of_Google_is_coming

Politics: Backdoors in hardware?

http://www.fastcompany.com/1765855/dhs-someones-spiking-our-imported-tech-with-attack-tools

Politics: Threat of destructive coding on foreign-manufactured technology is real

http://www.nextgov.com/nextgov/ng_20110707_5612.php

Politics: It’s China’s turn to wrestle with a pile of bad debt

http://www.msnbc.msn.com/id/43600432/ns/business-eye_on_the_economy/

Politics:  Smart grid cybersecurity standards potentially subject to conflict of interest

http://www.fiercegovernmentit.com/story/crs-smart-grid-cybersecurity-standards-potentially-subject-conflict-interes/2011-07-04

Hackers: Anonymous, LulzSec and the Trouble with Hacktivism

http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/Anonymous-LulzSec-and-the-Trouble-with-Hacktivism/ba-p/4819625

Opinion: Is high security backfiring in U.S.?

http://worldblog.msnbc.msn.com/_news/2011/07/08/7019081-is-high-security-backfiring-in-us

By Richard Engel, NBC News Chief Foreign Correspondent, who travels to the Mid East many times.

TSA: “Don’t you travel to dangerous places all the time? How can this bother you? Where you go, people are shooting at you,” he said.

Engel: “Yes, but this is what the terrorists wanted. They want us to live in fear,” I said.

Breach: David Beckham’s website defaced by hackers

http://nakedsecurity.sophos.com/2011/07/11/david-beckhams-website-defaced-by-hackers/

Hackers: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/

 

 

Alert: DroidDream Again Appears in Android Market Apps

http://threatpost.com/en_us/blogs/droiddream-again-appears-android-market-apps-071211

More Android packages have malware

Research: Information flow can reveal dirty deeds

http://www.sciencenews.org/view/generic/id/330731/title/Information_flow_can_reveal_dirty_deeds

Brandy Aven of Carnegie Mellon University in Pittsburgh reported June 1 at an MIT workshop on social networks.

He described how the hub and spoke communication organization kept the shady deals secret.

Vulnerability: Java vulnerability demonstrates file planting

http://www.h-online.com/security/news/item/Java-vulnerability-demonstrates-file-planting-1277163.html

Research: “Transparent” photonics chip may lead to faster networks and cloaks of invisibility

http://www.extremetech.com/computing/89688-new-transparent-photonics-chip-may-lead-to-faster-networks-and-cloak-of-invisibility

Operations: Operational cybersecurity in shared HPC environments

http://www.youtube.com/watch?v=qwGIUytMEnQ&feature=related

Interesting observation: We already have the tools to detect hacks.  We just need to use them better.

 

Alert: Microsoft Fixes Scary Bluetooth Flaw, 21 Others

http://krebsonsecurity.com/2011/07/microsoft-fixes-scary-bluetooth-flaw-21-others/

http://threatpost.com/en_us/blogs/microsoft-patch-22-flaws-july-patch-tuesday-070711

Disable Bluetooth on your laptop.

Alert: More on the bluetooth vulnerability

http://blogs.technet.com/b/srd/archive/2011/07/12/ms11-053-vulnerability-in-the-bluetooth-stack-could-allow-remote-code-execution.aspx

This is a low-cost device used for reverse engineering hardware and monitoring busses.

Breach: Kiplinger Reveals Breach Of 142,000 Customer Accounts

http://www.darkreading.com/security/privacy/231001381/kiplinger-reveals-breach-of-142-000-customer-accounts.html

CyberSecurity: Elster REX2 Smart Meter Teardown

http://www.ifixit.com/Teardown/Elster-REX2-Smart-Meter-Teardown/5710/1

Research: Mitigating Software Vulnerabilities – Microsoft

http://security-sh3ll.blogspot.com/2011/07/mitigating-software-vulnerabilities.html

How exploit mitigation technologies can help reduce or eliminate risk, prevent attacks and minimize operational disruption due to software vulnerabilities. It covers:

  • DEP
  • ASLR
  • SAFESEH and Structured Exception Handler Overwrite Protection (SEHOP)
  • Enhanced Mitigation Experience Toolkit (EMET)

Alert: Putty 0.61 released

http://lists.tartarus.org/pipermail/putty-announce/2011/000016.html

New features

  • Support for SSH-2 authentication using GSSAPI, on both Windows and Unix
  • On Windows: PuTTY’s X11 forwarding can now authenticate with the local X server
  • A small but important feature: you can now manually tell PuTTY the name of the host you expect to end up talking to

Hackers: CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability

http://j00ru.vexillium.org/?p=893

Hackers: Cross Site Scripting Video Tutorial

http://www.clerkendweller.com/2011/7/12/Cross-Site-Scripting-Video-Tutorial

Hackers: Video on cracking PEAP

http://www.securitytube.net/video/2039

Hackers: A summary of PDF tricks, either based on data encodings, javascript, or PDF structure.

https://code.google.com/p/corkami/wiki/PDFTricks

Hackers: New version of the Bus Pirate available

http://www.adafruit.com/blog/2011/07/12/updated-product-bus-pirate-bpv3-5-v3-5/

Fun: Cryptex-based secure flash drive

http://www.engadget.com/2011/07/12/cryptex-flash-drive-uses-combination-lock-sleeve-brings-a-whole/

Hackers: List of default passwords/backdoors in BIOS

http://www.duniapassword.com/2008/11/list-bios-default-backdoor-password.html

 

Updated July 19th:

Politics: U.S., Russia Forge Cybersecurity Pact

http://www.informationweek.com/news/government/security/231001440

Breach: Voda femtocells open phones up to intercept

http://www.theregister.co.uk/2011/07/14/vodafone_femtocell_hack/

Breach: Vodafone Hacked – Root Password published

http://thcorg.blogspot.com/2011/07/vodafone-hacked-root-password-published.html

Breach: Anonymous attacks agri-giant Monsanto, leaking information on 2,500 employees

http://nakedsecurity.sophos.com/2011/07/13/anonymous-attacks-agri-giant-monsanto-leaking-information-on-2500-employees/

Breach: Monsanto responds to cyber attack

http://www.ksdk.com/money/article/266840/5/Monsanto-responds-to-cyber-attack

Technology: IT, security can’t keep up as consumer device use grows

http://www.computerworld.com/s/article/9218357/IT_security_can_t_keep_up_as_consumer_device_use_grows

The evolution of smart devices is “unstoppable and inevitable”, and IT has to properly support and secure their integration into the business.

Breach: New Report Finds U.S. Hosting Providers Infested With Malware, Botnets

http://threatpost.com/en_us/blogs/new-report-finds-us-hosting-providers-infested-malware-botnets-071311

Hack: Teensy/PDF Dropper

http://blog.didierstevens.com/2011/07/13/teensy-pdf-dropper-part-1/

Hack: And Blocking/Detecting Teensy/PDF Dropper

http://blog.didierstevens.com/2011/07/14/quickpost-blocking-and-detecting-a-teensy-dropper/

Fun: Programming Monsters (Cartoon monsters representing programming errors)

http://www.infosecurity.us/blog/2011/7/13/programming-monsters.html

Hack: Live CD for RFID Hacking

http://hackaday.com/2011/07/09/live-cd-for-rfid-hacking-on-the-go/

Breach: Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy

http://threatpost.com/en_us/blogs/pentagon-discloses-massive-data-theft-lays-out-new-security-strategy-071411

Politics: Pentagon’s new cyber strategy

http://www.acus.org/new_atlanticist/pentagons-new-cyber-strategy

  • First Pillar: The DoD will “treat cyberspace as an operational domain to organize, train, and equip so that DoD can take advantage of cyberspace’s potential.”
  • Second Pillar: The Department will “employ new defense operating concepts,”
  • Third Pillar: The Department will partner with other departments in the US government and the private sector.
  • Fourth Pillar: DoD “will build on robust relationships with US Allies and international partners to strengthen collective cybersecurity.”
  • Fifth Pillar: The Department will “leverage the nation’s ingenuity through an exceptional workforce and rapid technological innovation”.

 

Hack: How to buy friends and deceive ppl: how the freelance market has created a testbed for emerging cybercrime activities

Freelancing jobs for account verification, spamming social networks

http://krebsonsecurity.com/2011/07/how-to-buy-friends-and-deceive-people/

Hack: Zeus for Android and fake Kaspersky Antivirus 2011

http://nakedsecurity.sophos.com/2011/07/14/zeus-for-android-update/

Hack: Blackhat Preview Webcast

https://www.blackhat.com/html/webcast/webcast-2011_preview.html

Visualization: The Tale of Two Visualizations – a TED Talk by the head of F-Secure

https://www.clarifiednetworks.com/Blog/2011-07-13%2020:47

 

Breach: 24,000 files were swiped from a US defense contractor

http://www.theinquirer.net/inquirer/news/2094275/-files-swiped-defence-contractor

by “an unidentified foreign government”

Security: Hotmail banning common passwords

http://arstechnica.com/microsoft/news/2011/07/hotmail-banning-common-passwords-to-beef-up-security.ars

Hack: Mantra Security Toolkit 0.6.1 Released – Browser Based Hacking Framework

http://www.darknet.org.uk/2011/07/mantra-security-toolkit-0-6-1-released-browser-based-hacking-framework/

Technology: Introducing BrowserID: A better way to sign in

http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in

Technology: How BrowserID differs from OpenID

http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid

Tool: DRAFT Web Application Security Working Group Charter

http://www.w3.org/2011/07/appsecwg-charter.html

Hack: Widespread site compromise leading to Zeus

http://nakedsecurity.sophos.com/2011/07/15/widespread-site-compromise-leading-to-zeus/

Technology: Oracle to Fix 78 Bugs in July Patch Update

http://threatpost.com/en_us/blogs/oracle-fix-78-bugs-july-patch-update-071511

Politics: U.S. House Committee Questions Ability to Secure Wall Street Data

http://threatpost.com/en_us/blogs/us-house-committee-questions-ability-secure-wall-street-data-071411

Breach: 4000 Websites hacked by The 077 ( HamDi HaCker )

http://www.thehackernews.com/2011/07/4000-websites-hacked-by-077-hamdi.html

Anti-Tamper: An interesting blog on physical chip security by Christopher Tarnovsky

http://www.flylogic.net/blog/

Politics: US military learning cybersecurity lessons from businesses

http://www.networkworld.com/news/2011/071511-dod-cyberdefense.html

In its new cyberdefense strategy, the Pentagon is drawing on lessons about agility, lifecycle management and supply-chain protection that have already been learned by private corporations.

Crime: More Than 100 Arrested in Fake Internet Sales

http://krebsonsecurity.com/2011/07/more-than-100-arrested-in-fake-internet-sales/

Romanian and Moldavian scammers arrested.

Research: Http Parameter Contamination (HPC) Attack / Research Paper

http://www.exploit-db.com/download_pdf/17534

Politics: US forced to redesign secret weapon after cyber breach

http://www.theregister.co.uk/2011/07/15/cyber_breach_redesign/

“In a single intrusion this March, 24,000 files were taken.”

Technology: A list of documented incident response methodologies from CERT Société Générale

http://cert.societegenerale.com/en/publications.html

Breach: US Cyber Attackers Hack Lady Gaga’s Website; Call Her Homophobic

http://hken.ibtimes.com/articles/181614/20110717/lady-gaga-cyber-attack-hackers-homophobic.htm


Tools: List of Chrome Extensions for Security Professionals

http://www.pentestit.com/2011/07/18/list-chrome-extensions-security-professionals/

Tools: Snort docs by platform – updated with Amazon EC2

http://www.snort.org/docs

Politics: Whizz kids deserting the spy world as threat of attacks increases

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8635959/Whizz-kids-deserting-the-spy-world-as-threat-of-attacks-increases.html

Hack: AVR Cheat Sheet

http://tinkerlog.com/2009/06/18/microcontroller-cheat-sheet/

Tool: New Sguil HTTPRY Agent

http://isc.sans.org/diary.html?storyid=11200&rss

Technology: Cisco Network Emergency Response Vehicle:

http://www.cisco.com/web/about/doing_business/business_continuity/whitepaper_NERV.pdf

Enabling IP-Based Incident Management

Politics: China’s QR Code Bullet Train Tickets Spill Your Personal Info

http://www.penn-olson.com/2011/07/15/qr-train-tickets/

Tools: Kernel Level exploitation book

http://www.attackingthecore.com/

Breach: Toshiba admits 7500 customer accounts pillaged

http://www.theregister.co.uk/2011/07/18/tosh_customer_hack/

Breach: Ship to Gaza hit by cyber attack

http://www.thelocal.se/35002/20110718/

Breach: The Sun gets hacked by LulzSec

http://nakedsecurity.sophos.com/2011/07/19/sun-hack-lulzsec-video/

Politics: Attacks on military targets are tightly focused

http://www.thinq.co.uk/2011/7/19/attacks-against-military-targets-continue/

Technology: SCADA Vendors Issue Patches; Users Don’t Apply Them

http://www.isssource.com/vendors-issue-patches-users-don%E2%80%99t-apply-them/

Technology: Single Keystroke Nearly Self-Destructs Unmanned Navy Copter

http://www.foxnews.com/scitech/2011/07/18/single-key-stroke-nearly-leads-unmanned-navy-copter-to-self-destruct/

 


Security News June 2011

Summary

  • Several defense contractors were hacked, and the most likely method was the SecurID token.
  • Government accounts on GMAIL were attacked
  • Sony and Nintendo hacked by LulzSec, others. Last count for Sony was 13 hacks, spawning the new term S0wned (Sony + P0wned)
  • China explains their Cyber War view. According to the translator, US is the aggressor.
  • New Flash update, fixes vulnerability seen in wild
  • Iran, Canada, InfraGard, Acer Hacked
  • Android gains firesheep capabilities by stealing cookies

Update for June 14, 2011

  • Hacked: Citibank, IMF, Senate, Codemasters
  • FBI Investigates LM Breach, Pittsford theft
  • Google removes suspicious apps
  • US urges Code of Conduct
  • Flash being exploited
  • IBM/Cloud Security
  • Secure Coding Framework update
  • Why it’s hard to trace hackers
  • Australian banks replace SecurID Token

Updated June 16th

Summary for June 23rd

  • NIST has SCADA guide
  • NSA teams with ISPs
  • Citibank affects 360K
  • Flash exploited
  • Bitcoins stolen
  • US builds test net for cyber war games
  • Sega hack netted 3.29 million users
  • Northrop Grumman
  • Lulzsec & Anonymous form AntiSecurity, gets hacked, arrested
  • WordPress Backdoor
  • CNET has hacked spreadsheet
  • 90% of all companies hacked
  • Scareware ring busted

Summary for June 30th

  • Chronology of Data Breaches
  • Travelodge
  • Should I Change My Password?
  • Secure Hash History Visualization
  • Apple Update
  • Disposable Router
  • LulzSec News
  • Electronic Arts
  • GPU Cracking
  • CitiBank
  • ChronoPay
  • ‘Indestructible’ rootkit
  • Tor Trojaned
  • Groupon
  • Popular iPhone PINs
  • Hackers vs. Al-Qaeda
  • Counterfeit chips

 

Defense Contractors: Fallout From RSA Breach

Lockheed’s finding confirmed the fears of security experts about the safety of the SecurID tokens and heightened concerns that other companies or government agencies could be vulnerable to hacking attacks.

LM will be re-issuing 45,000 of their SecurID Tokens. Note that L-3 Communications (formerly from LM) and Northrop Grumman were also hacked.

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229700229/targeted-attacks-on-u-s-defense-contractors-fallout-from-rsa-breach.html

http://www.nytimes.com/2011/06/04/technology/04security.html


Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks

http://www.wired.com/threatlevel/2011/05/l-3/

Northrop Grumman May Have Been Hit by Cyberattack, Source Says

http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/

Northrop is now moving to smartcards.

Microsoft Enhanced Mitigation Evaluation Toolkit (EMET)

http://www.darknet.org.uk/2011/06/microsoft-enhanced-mitigation-evaluation-toolkit-emet/

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e127dfaf-f8f3-4cd5-8b08-115192c491cb

Microsoft now has a bootable package that can remove rootkits.

US-CERT’s summary of Control Systems Security Program (CSSP)

http://www.us-cert.gov/control_systems/ics-cert/archive.html

Lists reports related to SCADA and control systems. Worth bookmarking.

ICS-CERT Monthly bulletin on ICS Security

http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_May.pdf

Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen

http://www.engadget.com/2011/06/02/sony-pictures-hacked-by-lulz-security-1-000-000-passwords-claim/

http://dvice.com/archives/2011/06/oh-no-not-again.php

http://www.darkreading.com/database-security/167901020/security/privacy/229900138/sony-hacked-again-lulzsec-claims-compromise-of-1m-user-accounts.html

“Apparently LulzSec were a little pissed off that nobody at Sony noticed as they were downloading their secret files, so they sent them the friendly tweet shown above to let them know. Who says hackers don’t have good manners?”

Latest score: Hackers 12, Sony 0.

http://attrition.org/security/rants/sony_aka_sownage.html

The new term is sownage – replacing pownage.

Sony Russia hacked

http://www.allgeek.tv/2011/06/05/sony-pictures-russia-exposed-by-sql-injection/

Lulzsec attacks Nintendo

http://www.hardocp.com/news/2011/06/05/hackers_attack_nintendo

Spear phishing attacks from China towards gmail accounts

http://www.schneier.com/blog/archives/2011/06/spear_phishing.html

Gmail Hack Targeted White House

http://online.wsj.com/article/SB10001424052702304563104576361863723857124.html

More details on the GMAIL hack

http://money.cnn.com/2011/06/03/technology/gmail_phishing_scams/

And if you have a gmail account, read this

Spotting Web-Based Email Attacks

http://krebsonsecurity.com/2011/06/spotting-web-based-email-attacks/

China Calls US Culprit in Global ‘Internet War’

http://abcnews.go.com/Business/wireStory?id=13750409

Chinese view of America as the aggressor

http://taosecurity.blogspot.com/2011/06/chinas-view-is-more-important-than.html

Iran’s top secret files on wikileaks

http://thepiratebay.org/torrent/6422934/Anonymous_Operation_Iran_TOP_SECRET_FILES_

Hackers say Acer breach leaked data for 40,000

http://www.theregister.co.uk/2011/06/03/acer_customer_data/

Hackers stole secret Canadian government data

http://www.cbc.ca/news/technology/story/2011/06/02/pol-cyber-attacks.html

Android app brings cookie stealing to unwashed masses

http://www.theregister.co.uk/2011/06/03/android_cookie_stealing_app/

An android version of the FireSheep plugin

Exclusive: Microsoft Has Acquisition Deal With Nvidia

http://www.informationweek.com/news/windows/microsoft_news/229900137

Yahoo Mail, Hotmail become new targets for hackers

http://www.ibtimes.com/articles/157401/20110604/microsoft-yahoo-hotmail-protocol-trencd-micro-pdf-doc-phishing.htm

Anonymous reveals passwords for hundreds of Middle East government email accounts

http://thenextweb.com/me/2011/06/05/anonymous-reveals-passwords-for-hundreds-of-middle-east-government-email-accounts/

Adobe Flash Player 10.3.181.22 Released, fixes vulnerability being exploited

http://blog.sharpesecurity.com/2011/06/06/adobe-flash-player-10-3-181-22-released/

http://krebsonsecurity.com/2011/06/flash-player-patch-fixes-zero-day-flaw/

FBI partner attacked by hackers, passwords taken

http://www.fox11az.com/news/world/123201463.html

“Nearly 180 passwords belonging to members of the Atlanta-based FBI partner organization InfraGard have been stolen and leaked to the Internet”

“The passwords appear to include users from the U.S. Army, cybersecurity organizations and major communications companies.”

Seoul denies leakage of Lee-Obama conversation

http://www.straitstimes.com/BreakingNews/Asia/Story/STIStory_676706.html

Notorious rootkit gets self-propagation powers

http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/

TDSS Rootkit now propagates by acting as a rogue DHCP server, directing clients to poisoned DNS server.

Iran Announces Plans To Build Its Own Internet, Operating System

http://www.techdirt.com/articles/20110531/13372014492/censoring-begins-home-iran-announces-plans-to-build-its-own-internet-operating-system.shtml

http://www.foxnews.com/scitech/2011/05/29/new-form-censorship-iran-moves-disconnect-internet-world/

RSA – will replace 40 million tokens

http://www.theregister.co.uk/2011/06/07/rsa_token_replacement_offer/

http://www.darknet.org.uk/2011/06/rsa-finally-admits-40-million-securid-tokens-have-been-compromised/

Note that RSA earlier stated publicly that there is no reason for customers to be worried.

Acer inadvertently releases 40,000 customer details

http://www.h-online.com/security/news/item/Acer-inadvertently-releases-40-000-customer-details-1255998.html

After delay, hacker to show flaws in Siemens industrial gear at Blackhat

http://www.itworld.com/171679/after-delay-hacker-show-flaws-siemens-industrial-gear

Remember that this talk was cancelled at the request of DHS and Siemens.

Note that Siemens has publicly stated that there is no reason for customers to be worried.

Just like RSA. Anyhow – the gauntlet has been thrown. Siemens has little more than a month to fix the problem.

Romanians pocket $1.5m in alleged ATM skimming spree

http://www.theregister.co.uk/2011/06/07/atm_skimming_indictment/

New Oracle Sun Java 6 Update 26 Release Contains Security Fixes for 17 holes

http://blog.sharpesecurity.com/2011/06/08/new-oracle-sun-java-6-update-26-release-contains-security-fixes/

http://krebsonsecurity.com/2011/06/java-patch-plugs-17-security-holes

Update now. And update your Flash as well if you haven’t.

CloudFlare: A website security product accidentally makes sites 60% faster

http://thenextweb.com/industry/2011/06/07/cloudflare-a-website-security-product-accidentally-makes-sites-60-faster/

By careful use of CloudFlare, you can instrument and tune your website and improve loading time. There’s no magic function for speed.

Tennessee Makes Password Sharing Illegal

http://www.schneier.com/blog/archives/2011/06/tennessee_makes.html

So don’t let your kids use your iTunes account in Tennessee. Sheesh.

Anonymous hacks sites in India in fight against corruption

http://www.networkworld.com/news/2011/060711-anonymous-hacks-indian-site-in.html

Their message: “There is no use securing. There is no use of spending on forensic. Get this message clear Mr. Prime Minister and others”.

Citibank hacked

http://www.reuters.com/article/2011/06/09/us-citi-idUSTRE7580TM20110609

http://www.theregister.co.uk/2011/06/09/citibank_hack_attack/

Citigroup Inc said computer hackers breached the bank’s network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies.

Hackers exploiting Flash Player XSS vulnerability

http://www.zdnet.com/blog/security/hackers-exploiting-flash-player-xss-vulnerability/8732

Google Removes ‘Suspicious’ Apps From Android Market

http://www.darkreading.com/advanced-threats/167901091/security/news/230500152/google-removes-suspicious-apps-from-android-market.html

‘Angry Birds’ spinoffs may contain malware that steals data from smartphone, researchers say, but other experts say it may not be malicious–just too invasive

US urges Code of Conduct for Internet Commerce

http://www.msnbc.msn.com/id/43338118/ns/technology_and_science-security/

IBM building security into cloud fabric

http://www.networkworld.com/news/2011/060911-ibm-security.html

IBM executives said this week that the company is looking to many of its existing tools, from the Tivoli management system to Cognos business intelligence software, to secure private and IBM-hosted hybrid clouds as customers migrate to these new computing setups.

Australian banks replace RSA tokens

http://www.theregister.co.uk/2011/06/09/banks_replacing_tokens/

Secure coding news flash: BSIMM3 coming in August

http://www.networkworld.com/news/2011/061011-secure-coding-news-flash-bsimm3.html

FBI Investigating Cyber Theft of $139,000 from Pittsford, NY

http://krebsonsecurity.com/2011/06/fbi-investigating-cyber-theft-of-139000-from-pittsford-ny/

The thieves initiated a small batch of automated clearing house (ACH) transfers to several money mules

Gaming firm Codemasters suffers data breach

http://www.salisburyjournal.co.uk/uk_national_news/9079035.Gaming_firm_suffers_data_breach/

International Monetary Fund Reportedly Hacked

https://threatpost.com/en_us/blogs/international-monetary-fund-reportedly-hacked-061111

http://www.theregister.co.uk/2011/06/13/imf_hack_attack/

http://www.nytimes.com/2011/06/12/world/12imf.html?_r=4

http://www.bbc.co.uk/news/world-us-canada-13740591

http://www.bloomberg.com/news/2011-06-11/imf-computer-system-infiltrated-by-hackers-said-to-work-for-foreign-state.html

FBI Investigates Lockheed Martin breach

http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/06/02/bloomberg1376-LM6M140D9L3501-2C8M3MREK0LT46COCGRS3UCA8S.DTL

Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers

http://www.scientificamerican.com/article.cfm?id=tracking-cyber-hackers

Sony, Google, RSA and now Citigroup are just some of the prominent victims of cyber attacks as defenses at large organizations prove porous and attackers elude detection

Hackers break into Senate computers

http://www.centralkynews.com/amnews/sns-rt-us-cybersecurity-ustre75c5ji-20110613,0,5193525.story

http://www.theregister.co.uk/2011/06/14/lulzsec_senate_bethesda_hack/

The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said on Monday.

U.S. Underwrites Internet Detour Around Censors

http://www.nytimes.com/2011/06/12/world/12internet.html?_r=3&smid=tw-nytimes&seid=auto

Connect.Me & The Respect Trust Framework™

From Tim O’Reilly

http://connect.me/c/trust

The Respect Trust Framework is a new approach to giving individuals control over their personal data. A trust framework is a set of legal and technical rules by which members of a network agree to operate in order to achieve trust online. Read the white paper.

http://blog.connect.me/whitepaper-the-personal-network

http://posterous.com/getfile/files.posterous.com/temp-2011-05-10/hniidzvvmhaCEmqxaIJruBvehzlvwAsxrxlcFJIoksCninpGvjygJmpIcrbr/the-personal-network-2011-05-10a.pdf

Who is behind the hacks? (FAQ)

http://news.cnet.com/8301-27080_3-20071100-245/who-is-behind-the-hacks-faq/?tag=cnetRiver

A reasonable summary. Mentions Anonymous, LulzSec, Idahc, and foreign countries.

Commerce Department: Recent Wave Of Cyberattacks Sounds An Urgent Wake-up Call

http://blogs.forbes.com/kashmirhill/2011/06/14/commerce-department-recent-wave-of-cyberattacks-sounds-an-urgent-wake-up-call/

Citigroup Attackers Used Simple, Clever [i.e. lame - Bruce] Entry Point

https://threatpost.com/en_us/blogs/citigroup-attackers-used-simple-clever-entry-point-061411

http://www.nytimes.com/2011/06/14/technology/14security.html?ref=technology

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

They just enumerated account numbers on the URL. Smack forehead.

Citigroup now says 360,000 affected by hackers

http://ap.onlineathens.com/pstories/20110616/844999528.shtml

FBI’s New Guidelines Further Loosen Constraints on Monitoring

http://www.cato-at-liberty.org/fbi%E2%80%99s-new-guidelines-further-loosen-constraints-on-monitoring/

Security Experts: Hackers Can Shut Down S Korea in 3 Hours

http://www.dallasblog.com/201106141008163/dallas-blog/security-experts-hackers-can-shut-down-s-korea-in-3-hours.html

NIST has finalized the NIST SP 800-82 document, entitled “Guide to Industrial Control Systems (ICS) Security”.

http://csrc.nist.gov/publications/nistpubs/800-82/SP800-82-final.pdf

 

NSA allies with Internet carriers to thwart cyber attacks against defense firms

http://www.washingtonpost.com/national/major-internet-service-providers-cooperating-with-nsa-on-monitoring-traffic/2011/06/07/AG2dukXH_story.html

“The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.”

 

 

Citigroup Breach Now Reportedly Affecting More Than 360k

http://threatpost.com/en_us/blogs/citigroup-breach-now-reportedly-affecting-more-360k-061611

Amazon Web Services Overview of Security Processes

http://d36cz9buwru1tt.cloudfront.ne/pdf/AWS_Security_Whitepaper.pdf

A new whitepaper from Amazon. It covers

  • Amazon Elastic Compute Cloud (Amazon EC2) Security
  • Amazon Virtual Private Cloud (Amazon VPC)
  • Amazon Simple Storage Service (Amazon S3) Security
  • Amazon SimpleDB Security
  • Amazon Relational Database Service (Amazon RDS) Security
  • Amazon Simple Queue Service (Amazon SQS) Security
  • Amazon Simple Notification Service (SNS) Security
  • Amazon CloudWatch Security
  • Auto Scaling Security
  • Amazon CloudFront Security
  • Amazon Elastic MapReduce Security

 

Thousands of Aussie websites exposed in hack attack of Distribute.IT

http://www.mailtimes.com.au/news/national/national/general/thousands-of-aussie-websites-exposed-in-hack-attack/2198847.aspx

“Thousands of Australian websites are vulnerable to being taken over by hackers following a break-in at Australian domain registrar and web host Distribute.IT, security experts say.”

Germany opens cyberdefence centre to protect water, electricity

http://www.theregister.co.uk/2011/06/16/germany_cyber_defence_to_defend_infrastructure/

Adobe Patches Critical Bugs in Flash, Reader, Acrobat (June 15th)

http://threatpost.com/en_us/blogs/adobe-patches-critical-bugs-flash-reader-acrobat-061511

Latest version is 10.3.181.26

Hackers target virtual currency

http://www.echonews.com.au/story/2011/06/18/hackers-target-virtual-currency-bitcoin/

Bitcoin is a true anonymous digital currency based on cryptography. The value of bitcoins relative to the US dollar has increased substantially. Now hackers have a way to break into Windows boxes to steal someone’s bitcoin wallet.

Bitcoin transaction explorer

http://blockexplorer.com/

This shows you how important bitcoin has become, with people trading thousands of dollars a day. Some huge transactions occurring.

Facebook, PayPal users urged to check logins after hacking

http://www.cbc.ca/news/canada/prince-edward-island/story/2011/06/17/pei-lulzsec-personal-internet-accounts-584.html?ref=rss

Here is the list of accounts that were compromised: http://dazzlepod.com/lulzsec/

 

Youtube Video on Stuxnet

http://www.youtube.com/watch?v=7g0pi4J8auQ

Very glitzy and suitable to scare the masses. Loose with the facts, i.e. “20 zero-day vulnerabilities”. As far as I know, there were 4, not 20. The takeaway – Stuxnet is an open source weapon. It doesn’t matter who designed it. What matters is who will use it next. We are supposed to tremble when we hear this.

US builds net for cyber war games

http://www.bbc.co.uk/news/technology-13807815

The United States government is building its own “scale model” of the internet to carry out cyber war games.

Cyber Security: China at risk from hacker’s cyber attacks

http://uk.ibtimes.com/articles/164650/20110617/china-us-security-cyber-hack-weak-vulnerable-hackers-america-deparment-of-homeland-cyberattack-googl.htm

From Dillon Beresford, the person who recently found the Siemens flaw.

Sega says hackers stole data of 1.29 million users

http://www.bbc.co.uk/news/technology-13829690

Sega has confirmed that the personal data of 1.29 million of its customers was stolen in an attack on its systems.

Network Solutions’ Systems Back Online Following DDoS Attacks

http://threatpost.com/en_us/blogs/after-ddos-attacks-network-solutions-systems-back-online-062211

Northrop Grumman constantly under attack by cyber-gangs — forensics reveal distinct groups going after sensitive data

http://www.networkworld.com/news/2011/062111-northrop-grumman.html?source=nww_rss

Lulzsec and Anonymous form “Operation Anti-Security”

http://www.thehackernews.com/2011/06/lulzsec-anonymous-initiates-operation.html

WordPress Advises Password Reset After Finding Suspicious Commits

http://threatpost.com/en_us/blogs/wordpress-advises-password-reset-after-finding-suspicious-commits-062211

CNET composed a spreadsheet of hacker activity.

https://spreadsheets.google.com/spreadsheet/ccc?key=0Apf9SIxJ8Cm_dGxuNUJjbmM5LU40bVdWaFBVcTZPN3c&hl=en_US&single=true&gid=0&range=A1:J47&output=html

Dox everywhere: LulzSec under attack from hackers, law enforcement

http://arstechnica.com/security/news/2011/06/dox-everywhere-lulzsec-under-attack-from-hackers-law-enforcement.ars

90% of companies say they’ve been hacked: Survey

http://www.networkworld.com/news/2011/062211-90-of-companies-say-theyve.html?hpg1=bn

Cyber attack jams Brazilian presidency’s website

http://www.bellinghamherald.com/2011/06/22/2071322/cyber-attack-jams-brazilian-presidencys.html

Feds crack multi-million scareware ring

http://www.theregister.co.uk/2011/06/23/fbi_scareware_arrests/

This is related to the following blog post.

Financial Mogul Linked to DDoS Attacks

http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks

Pavel Vrublevsky, the embattled co-founder of ChronoPay — Russia’s largest online payments processor — has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against a top ChronoPay competitor.

Hackers Exploiting Latest Adobe Flash Bug On Large Scale

http://www.darknet.org.uk/2011/06/hackers-exploiting-latest-adobe-flash-bug-on-large-scale/

 

 

Chronology of Data Breaches: Security Breaches 2005 – Present

http://www.privacyrights.org/data-breach?order=field_breach_total_value&sort=desc

 

IMF identifies computer files hacked in cyber attack

http://www.rawstory.com/rs/2011/06/23/imf-identifies-computer-files-hacked-in-cyber-attack/

 

Group says it hacked Arizona public safety files

http://newsok.com/group-says-it-hacked-arizona-public-safety-files/article/feed/270796

 

 

Travelodge admits hack

http://www.theregister.co.uk/2011/06/24/travelodge_hacked/

 

Replica keys can be generated using a camera 195 feet away.

http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791

UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.

 

Should I change my password?

https://shouldichangemypassword.com/

This is a site that has a repository of all hacked accounts.

You can enter your email address, and it will tell you if there are public records revealing your password, and if you should change it.

 

No passwords are stored in the ShouldIChangeMyPassword.com database.

 

 

Cyber Event Calendar from IATAC (Information Assurance Technology Analysis Center)

http://iac.dtic.mil/iatac/IOcalendar/cyber_calendar_current.html

 

Useful visual of secure hash key length over history

http://valerieaurora.org/hash.html

 

See also http://www.keylength.com/en/

 

 

Popular, but sluggish secure server? Popularity might not be the reason

http://my.opera.com/yngve/blog/2011/06/23/popular-but-sluggish-secure-server-popularity-might-not-be-the-reason

30% of popular sites use SSL inefficiently

 

Apple Issues Huge Security Update, Releases OS X 10.6.8

http://threatpost.com/en_us/blogs/apple-issues-huge-security-update-releases-os-x-1068-062411

 

Wisper: 1 inch by 1 inch disposable router for DHS

http://www.fastcompany.com/1762656/wisper-disposable-communication-routers-track-firefighters-with-breadcrumbs

http://www.dhs.gov/files/programs/st-snapshots-self-powered-waterpoof-heat-resistant-router.shtm

 

 

 

Are LulzSec, Anonymous The Pissed-Off Canary In The Coal Mine?

http://www.darkreading.com/blog/231000379/are-lulzsec-anonymous-the-pissed-off-canary-in-the-coal-mine.html

LulzSec and Anonymous could be doing the world a favor by showcasing weak systems, and their actions suggest these systems and others like them could have been compromised for months by those wanting to do harm

 

 

Hackers attack Electronic Arts website

http://www.reuters.com/article/2011/06/24/us-electronicarts-hackers-idUSTRE75N58J20110624

 

Nice article on GPUs and password cracking

http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html

 

LulzSec calls it quits after 50 days of ‘mayhem’

http://www.networkworld.com/news/2011/062611-lulzsec-calls-it-quits-after.html?source=nww_rss

 

Citi hackers made $2.7 million

http://www.networkworld.com/news/2011/062511-citi-hackers-made-27.html

About 3,400 of the 360,000 compromised credit card accounts were hit with fraud

 

Ukraine disrupts $72M Conficker hacking ring

http://www.networkworld.com/news/2011/062311-ukraine-disrupts-72m-conficker-hacking.html

The hackers allegedly pushed fake antivirus software and then also stole banking details

 

Hit and Hacked, Sony Fights Back

http://www.newsweek.com/2011/06/26/sony-s-ceo-on-battling-cybercrime.html

Enough about Sony, he says: “Everybody is being hacked now.”

 

ChronoPay Co-Founder Arrested

http://krebsonsecurity.com/2011/06/chronopay-co-founder-arrested/

 

An interesting example of a gmail account getting hacked

http://www.multitasked.net/2011/jun/27/hacked-gmail-google-account/

After they were able to log in, and change the password and backup email, it was hacked again.

 

Google kills sickly health, energy projects

http://www.theregister.co.uk/2011/06/27/google_health_and_powermeter_killed/

Google is killing its Health and PowerMeter products due to a lack of interest from would-be customers.

 

Geohot – the original Sony PlayStation hacker, whose lawsuit triggered the Sony hacks, joins Facebook

http://developers.slashdot.org/story/11/06/27/0316244/Geohot-Joins-Facebook-As-Product-Developer

 

‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months

http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/

 

Trojan talks over Tor

http://www.scmagazine.com.au/News/262063,trojan-talks-over-tor.aspx

The Tor communication capability was an add-on function to the Bifrost backdoor trojan that allowed the malware to send stolen user data over the encrypted proxy network.

 

Up-And-Coming Botnet Uses Same Malware Kit As Defunct Mariposa

http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/231000729/up-and-coming-botnet-uses-same-malware-kit-as-defunct-mariposa.html

‘Butterfly bot’ kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters

 

Groupon passwords in the clear?

http://pauldotcom.com/2011/06/groupon-passwords-in-the-clear.html

Groupon India publishes 300,000 user passwords

http://www.theregister.co.uk/2011/06/28/groupon_india_privacy_breach/

 

Home of Outed Alleged LulzSec Member Raided in Ohio

http://threatpost.com/en_us/blogs/home-outted-lulzsec-member-mnerva-raided-ohio-062911

 

Automation Firewall 100/200 is a new Siemens appliance

Posted on https://twitter.com/#!/scadahacker

 

US Govt. plant USB sticks in security study, 60% of subjects take the bait

http://thenextweb.com/industry/2011/06/28/us-govt-plant-usb-sticks-in-security-study-60-of-subjects-take-the-bait/

 

Most popular iPhone PINs

http://amitay.us/blog/files/most_common_iphone_passcodes.php

 

Symantec’s Healthcare Expert: Substantial Risk for Cyber Attack on Medical Devices

http://www.thenewnewinternet.com/2011/06/28/symantecs-healthcare-expert-substantial-risk-for-cyber-attack-on-medical-devices/

 

There is a fiction book, “Rain Fall,” published in 2002, in which the assassin modifies an embedded pacemaker’s timing using a wireless link to the device, leaving no physical clue to the cause of death.

http://www.amazon.com/exec/obidos/ASIN/0399149104/

 

Hackers shut down Al-Qaeda’s net communication

http://www.indiatalkies.com/2011/06/hackers-shut-alqaedas-net-communication.html

 

Metasploitable – Test Your Metasploit Against A Vulnerable Host

http://www.darknet.org.uk/2011/06/metasploitable-test-your-metasploit-against-a-vulnerable-host/

 

Fishy Chips: Spies Want to Hack-Proof Circuits (Supply Chain)

http://www.wired.com/dangerroom/2011/06/chips-oy-spies-want-to-hack-proof-circuits/#more-49990

 

 
