Ignorance is the root of all evil ... ;-)

How I got back a returning customer

2011-10-16T15:40:00.000-07:00

Background

A little background information for you folks... who don't understand what I do... I expose the ways in which your network, server, host, web application, website or any other system maybe vulnerable to real attacks. We are not talking about some obscure bug that can't be exploited. We are talking about DNS here...

Now DNS is not exactly rocket science, right? You think so? The customer whom I spoke to doesn't really concur with me on that point. He thinks it is rocket science, since he does not have enough technical knowledge to figure it out. I give him a demonstration of how to tunnel SSH over DNS (Ozyman) and SSH over HTTP :))

Show time (DNS Tunneling)

Once I do that, his auditor freaks out and tells me how I am doing bad things. What is my job again? I expose vulnerabilities and real threats to the customer, I don't perform simple scans and tell the customer to patch some bug without taking business productivity and impact in to consideration. In layman terms, tunneling a protocol over another like discussed above can cause the network to think SSH is just DNS traffic. Truth is some rogue hacker may get a reverse shell running through that port and hide in plain sight.

The customer and his new found "auditor" (read: CISSP / CISA holder, with no grasp of protocols). I had to show documentation, research and a tool. To top it off, I showed a live demo and used Wireshark to show the DNS traffic. I did my job and I did it so well, that the customer becomes scared, confused and everything else, but convinced. The customer does not want to understand the impact, or go with a quality security tester like me.

My mistake

I told them, I will test the environment without any bias and will not support their certification (compliance) efforts, if they fail to co-operate and patch all the important vulnerabilities. This causes a real stir and the next time, the customer (who happened to be a return customer - more than 4 engagements)... fails to choose ME for the 5th time.

Business 101

Guess why they didn't want me? I argued and I failed to co-operate with them for their namesake compliance... OK, from a business point of view I totally understand their hatred towards me. There's an old saying in sales, If You Win the Argument, You Lose the Sale (The auditor played a good part in convincing them, that I am not the right person for the job). When it comes to security and technical aspects, I put my money where my mouth was... and showed them a real demonstration.

Better Late Than Never

What did I learn? Be co-operative... or lose the sale. I'd rather have it my way or the highway... and a customer who can not appreciate quality is always going to end up in my bad books. I am a person that believes in quality over everything else.

What did they learn? The customer's network got hacked exactly 90 days, after they achieved compliance. The customer didn't hesitate to call me. The manager at their firm said some thing I am very proud of... He said, "We are calling you because you scared us just like that hacker..."

For a few dollars more
After the post mortem and forensic analysis, I helped them to set up an incident response plan. The customer now engages me for security testing and over all maintenance of their network. I have gained a returning customer, after losing them once. Selling is all about second chances ;))

P.S: This is NOT the First Time, I am getting a call from a customer that disagreed with me and got hacked!

Cheers,
Kish

Wow, Goodbye Steve?

2011-10-06T03:35:00.000-07:00

Is it that time of the century for an inventor to be gone? Gee, that sucks... Goodbye Steve :(

Steve is an inspiration at best and he braved - being born to unmarried parents, thrown to be adopted by his mother... Then he drops out of college, founder of apple, founder of pixar, rejoins apple - a revolution happens with iPhone, iPad, iPod and owning an Apple product doesn't make you exclusive anymore, they've turned from being a niche company to a mainstream company with nearly $350 Billion USD in stocks... The only company that makes more money than Apple is Exxon Mobil and they do it from oil, not from ideas !

R.I.P Steve, also R.I.P A.C Nielsen... Peace !

iQuit... Steve job quits apple, what again?

2011-08-27T05:59:00.000-07:00

I have stopped counting the number of times, he's quit and come back to Apple...

Really would be a relief, if he let M$ stay on top and generate serious revenue compared to Apple. Personally, I'd like to see iPhone and a lot of i Apps / i Hardware(s) to stop... The world becomes restricted to bullshit software provided by apple... and their updates, well you've got to pay for it? WTF?

A lot of apple fans are pissed because the software, drm and whole pay for your updates BS - what if, they introduce bugs just to push more updates... That is not happening now, but some thing like that isn't impossible... ;)

It would be ironic to have such ridiculous stuff going on, amidst their already high number of vulnerabilities. iHate - Apple... All that aside, Steve Jobs is a great guy (business strategy, promotion, ideas and inspiring), Good luck to him !

Love Letters...

2011-07-09T12:32:00.001-07:00

I just love this, love this mail, especially the part about monies... hahaha !

Thank you for the Love letters :D

Note: Top 5 Database Breaches in 2011

2011-06-06T04:47:00.000-07:00

1. Victim: HBGary Federal
Assets Stolen/Affected: 60,000 confidential emails, executive social media accounts, and customer information.

2. Victim: RSA
Assets Stolen/Affected: Proprietary information about RSA's SecurID authentication tokens.

3. Victim: Epsilon
Assets Stolen: E-mail databases from 2 percent of the firm's 2,500 corporate clients.

4. Victim: Sony
Assets Stolen: More than 100 million customer account details and 12 million unencrypted credit card numbers.

5. Victim: Texas Comptroller's Office
Assets Stolen: The names, Social Security numbers, and mailing addresses of 3.5 million individuals, plus dates of birth and driver's license numbers of some.

Note for reference... :D

And you thought online booking is safe

2011-04-28T10:29:00.000-07:00

INOX Movies features - A lesson in "designing secure web pages"

Vulnerable URL: hxxp://www.inoxmovies.com/seatlayout.aspx

Incase you don't understand what will be the bug, it will be a SQL Injection!

INOX Movies is "Safe"... Come on, it uses "http"... it's unbreakable! :D

APNIC runs out of IPv4 Address

2011-04-17T02:35:00.001-07:00

http://www.apnic.net/publications/news/2011/final-8

If you haven't read this announcement, read it and act on IPv6... deployment for your enterprise environment.

Cheers,
Kish

Ignorance is "THE" root of all evil

2011-02-12T10:59:00.000-08:00

Example? HBGary's latest pwnage by Anonymous group... Can't understand why they don't maintain good passwords, different passwords for their account, some user awareness and why they can't get pro-active website maintenance and testing. They have so much capital and as the last line in the JPG says... "not expertly secured" ... Epic FAIL.

BTW, I had and still have respect for Greg Hoglund from HBGary. All in all, they lost clients and will have bad PR for the next month or so... please work on your security "before" you get hacked.

For all the guys, who insist on "no DoS, no stress testing, no client side testing and no social engineering" - [04:18] <&Sabu> greg, a 16 year old girl social engineered your admin jussi and got root to rootkit.com

Yes, that's straight from a IRC chat log involving Greg(HBGary), Penny (HBGary) and the anonymous group... I read the full log for the LOLs :D

Peace !

Back... To Security Testing

2010-12-18T23:17:00.000-08:00

After a recent flood of investigative, forensic and legal support requests... We are back ON-Track to security testing... Always great to have the 'hacker' tag :D

I certainly appreciate my clients who entrusted their resources to me for investigations and forensic work, but nothing like our bread-and-butter, haha.

The headlines from ArsTechnica read "MSE 2.0 arrives with heuristic scanning, network traffic inspection" & "December 2010 Patch Tuesday will come with most bulletins ever"... and ZDNet's headlines include "Microsoft delivers patches for IE, font driver; Puts Stuxnet to bed" & "Apple plugs 15 gaping security holes in QuickTime"

Some surprise that MSE 2.0 has been successful, because it was released earlier for as a pilot - and failed in 1.0 before they learned their lessons and launched 2.0 ;)

Same surprise about Windows Patch Tuesday - I love MS, they help us survive and stay in business... No Wonder, with tools like Metasploit and CANVAS around :D

Stuxnet has been put to bed and that is indeed good news...

We are going to have a blast, 3 pen-tests already lined up :))

UIDAI Scheme - Or - Compromising my privacy?

2010-08-01T13:15:00.000-07:00

What we know / heard from a few sources?

Basic Information:
The UID itself will collect only standard attributes such as name, date of birth, gender, father/mother/spouse/guardians name, address and a photograph. The only unique information is the biometrics (10 fingerprints and both IRIS scans).

Who / Why / Usage
The UID will be given to all residents who are in India and avail services and not just citizens.

The information in the database will be used only for authentication purposes and will not be shared or transmitted. Anyone seeking to authenticate the identity of another person using the UID database – will only get a response in YES or NO.

About working / operations:
The UIDAI is working on a partnership model with a variety of agencies and service providers ( both government and private sector) to enroll residents for UID Numbers and verify their identity. For e.g. Insurance companies, LPG marketing companies, RSBY, MG-NREGA etc. The UIDAI will also engage with Outreach Groups (essentially CSOs) to target, the homeless, urban poor, tribals, differently-abled population of the country etc.

About security:
The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured through encryption, and in a highly secure data vault.

Is your security up to the mark ? What is that secure data vault thing? Please don't use such terms, a layman maybe fooled into thinking "ultra secure" when in reality, you're storing it in the most haphazard manner.

Why do they (government) want a person's mother's name, father's name, and their respective UID numbers ?

Check this out ... the picture shows what info they are going to collect for the card. Add the present/permanent address thing to this mix, you can have one of our residing addresses, you are the government, you either choose permanent or present address, because parting with "everything" or too much of my private information to you - from me, a hacker's perspective... looks like asking to be stabbed !

All I'm saying is ... basically, devil knows who's got access to this DB once it is implemented. That's not all, they do say there may be an option for a person to escape their identity theft mechanisms and create a completely false identity and obtain a UID, d'uh !

Murphy's law folks, if you missed it ... "If anything can go wrong, it will"

Security Model for UIDAI Scheme

Always be prepared for the worst case scenarios, stop deducing cyber crime with just audit trails for a change.

Offences under UIDAI Act - Check out the screenshot

Addition about the IT Act 2000, and consequences if you compromise their DB,"All offences under the Information Technology Act shall be deemed to be offences under the UIDAI if directed against the UIDAI or its database."

Small FAQ I built for the readers,

Q. How will they (government) manage and secure 1.20 billion people's information ?
A. They wish to encrypt information and store it in a centralized DB...

Q. What security design will be implemented for Server and the Network/Client?
A. We have Firewall, IDS, IPS - alphabet soup basically, and Encryption with PKI.

Oh, my! the traditional defense-in-depth approach - Lauds the government. What about being proactive and conducting tests regularly? (Pen test, code review, DB security, red teaming, and compliance for the supporting infrastructure)

Q. Will my information be secure in the database?
A. Well, it depends... lol !
"The UID database will be susceptible to attacks and leaks at various levels. The UIDAI must have enough teeth to be able to address and deal with these issues effectively."

Q. What will the basic information and biometrics be integrated with?
A. Banks, Ration shop, Income Tax Dept, Passports, Credit Card/Debit Card, Online accounts. Precisely, enough sensitive data will be integrated with so-cal best practices to leave you stabbed from a lot of angles.

People who define security should not use the abbreviation for et-cetera (etc). Define and then write a document, because you are dealing with national security and a billion plus populous here. Don't be so naive and clueless by mentioning stuff like "Network, Client Security – Encryption, PKI etc"

From the looks of it, The way in which the government is dealing with our information is haphazard, to say the least.

Cheers,
Kish

Xchanging URLs now ;))

2010-07-23T23:55:00.001-07:00

The vulnerable page is still there, and there is no fix... but hey, the web developers sure learned to redirect the vulnerable page to home.html... ironic ;))

Web development and Security @ Xchanging - EPIC FAIL... sorry folks... Try harder next time... If you want to contact me for a penetration test, here's my mail: kishfellow at yahoo dot com

Cheers,
Kish

Xchanging SQL Injections with you...

2010-07-21T05:51:00.000-07:00

Xchanging - Xchanging plc (LSE: XCH) is a business processing company, with a wide range of multinational customers in 42 countries and employing over 8,000 people worldwide. It is listed on the London Stock Exchange and is in the FTSE 250 Index. Xchanging is also a member of the FTSE4Good index.

They have a potential SQL injection here, well... someone needs a pen-test?
http://selfservice.xchanging.com/serviceportal/default.aspx?offset=

Cheers,
Kish

Linux migration SNAFU

2010-07-06T06:07:00.000-07:00

Disclaimer: The author is not against windows, the author is not against linux, the author is against "stupid" practices and communication gap while migrating from one OS to another. The author is an ardent Linux and BSD Fan, and supports FOSS/OSS movements.

The inspiration for this post comes from a REAL company whose employees were not so happy and almost resigned their posts owing to a bad migration.

Here is a story of a simple Linux migration gone-all-wrong.

The last thing any employee wants at the office on Monday morning is to turn on their workstation to find Linux instead of their beloved Windows operating system.

How NOT TO MIGRATE from Windows to Linux
- For Lower TCO, access to source code,
- For Economic benefit, Ethical Benefit,
- For Access to Source code,
- For whatever-else-you-deem-fit to trigger a migration

You certainly have to communicate to your employee formally - written as a memo circulated throughout the ranks, or a simple e-mail to all employees notifying the change.

Analysis : Why it went wrong ?
Things that made this particular migration go wrong...
1) The employees were not informed prior to the migration
2) Backup was not in place, only last minute backup was available
3) There was no Linux101, Command Line usage or any induction towards the new operating system at their disposal.
4) No clear planning, and deployment - Old versions of Ubuntu were deployed.
5) There was no consultant or subject matter expert to assist the migration.

How TO MIGRATE from Windows to Linux
- Prior to the transition from one OS to another - inform your employees formally
- Get them involved in the planning and ask for their views & suggestions
- After giving the heads-up, arrange for a backup (through System Administrator)
- To make the transition smooth decide who needs a Linux desktop and how many Windows systems can be retained (to reduce training budget)
- Choose a Linux distribution based on - User competence, prior experience, and business goal (why linux?)
- Engage an external consultant or subject matter expert
- Plan the switch with software used currently and alternate software available for linux
HINT: ptth://www.osalt.com
- Deploy a test bed and introduce the operating system functionality
- Arrange for a formal induction (hands-on) with the consultant
- Clarify doubts and exchange ideas, get tips and tricks and further reading
- Arrange for a dinner (makes employees happy to eat and learn, than just learning)
- Use linux philosophy from time to time - for motivation, increasing productivity, and squeezing employees to the max, hehe !

"The only thing worse than training good employees and losing them is NOT training your employees and keeping them."
- Zig ziglar

Point to be taken from this post: Next time you migrate to any linux distribution, make sure you Communicate the change, engage a subject matter expert, plan, test, and then deploy.

Cheers,
Kish

PS: We offer Linux migration services, and Open Source consulting of the best quality at very nominal pricing. Contact me for more information.

U Socket - USB Charging directly from plug points

2010-05-31T03:02:00.001-07:00

Quoting from their website,
"U-Socket is a duplex AC receptacle with built-in USB ports that can power any device that is capable of being charged via a 5V power adapter, but without the need for the power adapter! When a U-Socket replaces a traditional 3-prong AC wall socket, you can eliminate the clutter of AC Adapters that stick out & take up space in your home or office. Everything stays neat & organized. In additional, U-Socket's energy efficient design only outputs power through the USB port if something is connected to it. This can save you up to $25 per year in reduced energy costs. Good for you, good for the environment and with our great prices, good for your wallet too!"

Neat little addition to your desk to charge your devices like iPad or mp3 players :)

For more information, click here

Cheers,
Kish

No pun intended

2010-02-07T03:11:00.000-08:00

Pen tester1: I have have very less issues related to security compared to my windows laptop
Kish: probably, because people own macs silently ;)
Pen tester1: ...

Evil Maid - Pwnie for Overhyped bug

2009-10-17T23:14:00.000-07:00

Hey dudes, and dudettes, Happy Diwali to y’all !

Today’s post is about the Evil maid's exploits on an unsuspecting computer user...

Scenario
Full disk encryption with Truecrypt in this case...

The author mentions PGP whole disk encryption but never mentions about testing it on the humor-me FAQ, LOL! :D

Attack
Joanna of Invisible things has come up with an attack (social engineering + physical access + usb drive?!) - WTF I say... If a person has physical access to your box, it is pretty much a goner... what difference does it make if I boot from a live-cd and use a keylogger or do the same thing from an USB drive?

Solution
Disable USB boot from BIOS options (this ain't nothing new to talk about, building a custom USB drive with a small kernel and a simple keylogger is NOT new)

If you know your way around in Linux, and you use it as a base for your penetration testing laptop. Try modprobe -r usb_storage and blacklist in your conf file, if you are paranoid.

You can easily convert the install/remove commands into a shell-script. Alternately, USB devices can be disabled at the kernel level via GRUB or any other boot loader by editing menu.lst / grub.conf

There is also a humor-me FAQ that says...

Q: Is this Evil Maid Attack some l33t new h4ck?
Nope, the concept behind the Evil Maid Attack is neither new, nor l33t in any way.

Q: So, why did you write it?
Because we believe it demonstrates an important problem, and we would like more attention to be paid in the industry to solving it.

As if nobody has covered these hardware based and/or social engineering attacks in the past?

Q: I've disabled boot from USB in BIOS and my BIOS is password protected, am I protected against EM?
No. Taking out your HDD, hooking it up to a USB enclosure case and later installing it back to your laptop increases the attack time by some 5-15 minutes at most. A maid has to carry her own laptop to do this though.

I loved this part... Every maid knows how to pull apart a laptop and remove the hard-drive enclosure without damaging the drive... Do all maids have prior training in corporate espionage, and basic computer/laptop hardware and operations? LOL!

Q: Why did you choose TrueCrypt and not some other product? Because we believe TrueCrypt is a great product, we use it often in our lab, and we would love to see it getting some better protection against such attacks.

Encryption must protect against physical attacks? Since when did that become a pre-requisite for a fool-proof encryption system/software... since the day "Evil maid was coded" I guess... ;))

Their solutions: Protect your laptop (wow, you discovered something here…), TPM (aka snake oil), Disk Hasher (oh, hashing is a “reasonable” solution even though it is broken)

Let me get this straight, you invent a problem out of nothing and you suggest YOUR own solution, roflmao!

Bottom-line
General unsuspecting public will leave a laptop like this fine lady here suggests. If a person identifies himself/herself a hacker, they are NOT supposed to leave their laptops in a hostile environment... When you leave like that, don't identify yourself as a hacker.

Acknowledgments
Thanks to the ennead@truecrypt.org for all the polemics we had which allowed me to better gather my thoughts on the topic. The same thanks to Alex and Rafal, for all the polemics I have had with them (it's customary for ITL to spend a lot of time finding bugs in each other's reasoning).

The person demonstrating such a GREAT attack will go to any extent to prove that an attack is possible, but will not think one bit as to whether it is practical??

Truecrypt clearly mentions about physical attacks in their documentation, which means they are not addressing the issue, and they want you to find something more serious and interesting to work on and if you don’t have a lot of ideas, ping Halvar Flake – He’s a smart guy with a lot of ideas which are innovative. Stop rehashing old attacks and building small Linux kernels with a simple keylogger and write a humor-me FAQ with “we want more attention” (you want the industry to pay attention to the attack or you?)

Truecrypt Dev: My answer was a good safety case or strongbox with a good lock. If you use it, then you will notice that the attacker has accessed your notebook inside (as the case or strongbox will be damaged and it cannot be replaced because you had the correct key with you). If the safety case or strongbox can be opened without getting damaged & unusable, then it's not a good safety case or strongbox. ;-)

Well, what can I say, except … he pwned you!

I nominate “the Evil Maid” for the Pwnie Awards 2010 - Most Overhyped bug… perhaps someone can beat Joanna to the race… Let’s see… hehe!

Errr...Where's all the rum gone?

R.I.P - Fravia, the master

2009-07-30T09:55:00.000-07:00

Fravia (Fjalar Ravia) from Germany is amongst one of the most finest and brave human beings on this planet. He was an ardent reverse-engineer and a master at what he did. In early 2005/06 he gravitated on to search related stuff. He's a good friend and a great guy personally... I didn't know he was dead until I was talking to a friend on RCE.

Without your teachings, emails and your website, I will not be where I am today.

R.I.P Fravia, the brave may not live forever, but the cautious don't live at all !

Warning: Don't be conned

2009-05-04T02:27:00.000-07:00

Warning: Don't be conned

This POST is about an exceptionally serious issue, so don't be conned, or fall prey to impostors, and bad guys...

Message:

Don't dial 90# or 09#, #09 or any other combination requested by any technician / serviceman CLAIMING TO BE from your subscriber, on Nokia, and Motorola mobiles these codes are used by telephone service men to test line connectivity, these codes can also steal your number, and enable the caller to use your mobile to make calls, and bill it on your number.

Technically,the caller can SPOOF HIS NUMBER to make calls, which will be routed through and billed on your number so stay alert, terrorists have used these type of conning tricks in the past,and use it now so be careful, and spread the word ...

The information has been confirmed, by Nokia, Motorola, and CNN websites.

Getting passwords with P2P

2009-04-25T22:03:00.000-07:00

Getting passwords with p2p softwares
(Limewire/Bearshare/Kazaa/Shareaza/emule)

1. First you need to get any p2p software,download it with the crack.
2. When you get bearshare and have set it up, click the Search button.
3. Click on 'Documents' in the search section, and type anything like: My Passwords,Yahoo Passwords, Ebay Passwords, My Passes, Rapidshare Pass,XXX Pass, your best bet is My Passwords.txt
4. Now the syntax : Passwords or pass , you can include txt extension if required.
5. Search and download the files and you can see clear text passwords.

How is this possible?
Simple answer, most p2p are illegal, they share your whole hd even if you set restrictions to prevent the sharing of entire hd or ur best collections.

Wrote this a while ago, in some forum (this is from my 2006 scribbling), the funny thing is
"it still works!"

/Quit

2009-04-23T22:35:00.000-07:00

Recession ? Okay, but still cigarettes, gutkha, and beers cost the same amount ... ;)

Recession isn't something amazing, it's just another rough patch ... Get over it already!

Cheers,
Kish

2009-03-07T14:31:00.000-08:00

How to get Examworx dumps for FREE, with a specially crafted URL (similar to my Actualtests bug)

Example PoC: http://www.examworx.com/qadownsession365/BE-100W.exe

URL syntax: http://www.examworx.com/qadownsession365/exam-code.exe

Demos are hosted within the demo directory, as for the earlier example:
http://www.examworx.com/qadownsession365/demo\BE-100W.exe

Screenshot

Examworx is usually, a Pass4sure clone, but no guarantees !
Why pay for the dumps, when you can practically download them for FREE ;)

Cheers,
Kish

2009-02-27T08:54:00.001-08:00

My good friend and fellow hacker, Digi from Crimemachine has been chosen to as VMWare vExpert. Only 300 people in the world have made it to the list... John Troyer of VMWare will publish the list sooner or later, on the website, and there's exclusive access to VMworld materials, and more in a private community just for these vetted list of vExperts.

I sincerely wish him, the best of luck to succeed in more of his endeavors with VMware and his consulting projects !

Cheers,
Kish

2008-10-10T19:57:00.000-07:00

Worked @ _some company_ for 15 months, it was quite an experience ;)

Now Iam back to normal ... or what's normal for me, to freelance, and consult in security just like old times. These days Iam consulting on Open Source, Linux, Virtualization, Network Monitoring/Analysis, Digital Security (not limited to Network Security) but also includes services like Forensics (Host, and Network), Incident Response, Web Security (App, Server, Services) ...

We also provide value added services, and sell security advisories, industry grade exploits, and malware signatures for your IDS/IPS. We also provide malware "source code" if you want in bulk or any specific sample that you require.

If you're looking out for any of these services, shoot me an email !

Cheers :)
Kish

2008-10-02T04:36:00.000-07:00

As many people think Iam dead ... I just want to remind you guys that I'm still up and running ...

This blog is not dead, will try and post content from time to time ...
But life these days has a lot more to do than with computers, security, and blogging ...

Thanks to the anonymous friend, who asked if I'm still here ... The answer is YES :)

Cheers :)
Kish

2008-01-31T00:11:00.000-08:00

Just nitpicked a small xss, which could've been spotted by anybody.

Code quality: Worse
Bug class: XSS
Exploitable: Yes

Here is the Original URL

XSS URL which "could" be malicious, this one's absolutely not, so don't worry

You know, it's been too long since I posted here. I have three blogs...

Offensive Computing: I have a small blog there
Your Daily Dose of Jokes : Oh, Yeah, I know about humor too...

Last but not least, my own web log, which is primary place for posting stuff.

These days Iam left with a lot less spare time than 6 months back, when I was freelancing... I'll just hope to stay up and post something from time to time here.

/Quit

2008-01-30T22:42:00.000-08:00

"Hacker Safe" Site Hacked, Data Stolen - Or not so hacker safe
http://www.cioinsight.com/article2/0,1540,2246925,00.asp

New skype vulnerability with PoC
http://www.critical.lt/?opinions/show/1470

Cheers :)
Kish

2007-11-27T22:31:00.000-08:00

Few good links that can help you unbrick your iPhone.

Nice facts here, 5 things you need to know about the iPhone

My 5 steps to unbrick the iPhone would be to ...
Download the 1.0.2 image from Apple's website
Use home + power button to get to the restore screen
Restore your phone's firmware image from updated version to 1.0.2
Then add a contact with the jailbreak and upload anySIM to your iPhone as shown >> here <<
Last but not least, take sometime to read the iPhone wiki which as plethora of information that will come in handy down the road.

Files that you'd require for the process can be found >> here << , arranged neatly.

Have fun hackin your phone.

Cheers :)
Kish

2007-10-31T23:08:00.000-07:00

It's XSS snack time of the day...

Paypal is secure, you can use it for all transactions... Recommended by HackerSafe seal

https://mobile.paypal.com/cgi-bin/wapapp?cmd=_wapapp-static&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

While I was messing with the website, I came across this XSS bug in Paypal, which can be used with Javascript to steal passwords ;))

/Quit

2007-10-29T04:35:00.001-07:00

Google chat can be blocked, without blocking google.com on the whole.You must block chatenabled.mail.google.com with the ports 443 and 80 to talk.google.com.Linux users can use iptables to redirect the traffic to 127.0.0.1 (your local loopback address) You can also use the old fashioned /etc/hosts for the same...

I had to write this post here, because there's been a lot of attention to blocking google's chat lately.

Cheers :)
Kish

2007-10-14T00:03:00.000-07:00

I was invited to speak in LegionSec 07 conference, but due to professional engagements, Iam unable to deliver the talk as promised. The conference organizer has been informed about the glitch.

Cheers :)
Kish

2007-09-16T09:24:00.000-07:00

THE website is back, yes, the one and only CRIMEMACHINE !

Refused by heaven, and feared by hell ... http://www.crimemachine.com

Keep watching for a few or more updates to the site from time to time.

Cheers :)
Kish

2007-09-08T11:10:00.000-07:00

The code displayed below is from MXtreme firewall, and this is a perfect example how NOT to code a web page, especially for an appliance as critical as this... Possibly a 0day ;)

Cheers :)
Kish

2007-07-25T07:02:00.000-07:00

A picture of the M927 warhead, containing 2.63 kg of TNT explosive filling.This cartridge is designed to be used with the Howitzers used by U.S. National Army guard's light artillery forces.

This article talks about a web-exploitation toolkit, which is Mpack. The comments are really funny, it was a good read, the article is originally from Security Focus website.

I personally feel the russian programmers, from DCT have come no close to this invention for destructive usage ;)

PS: Iam not supporting them, it's just that the whole issue is funny.

Then again it could be equally destructive like the m927, ahem !

As per one of the comments, from the article,
"It's just software deal with it", and that is all there is to it, period.

/Quit

2007-07-20T09:04:00.000-07:00

Actual tests website bug ;)

A specially crafted url can grab the "Exact" file from the site,
that's sold, for FREE :D

PoC CCNA : http://downloads.actualtests.com/Pdf-Down/uploads/640-801.zip

hint: replace 640-801 with your favorite exam number, and get it for free

BTW, with stuff like this why would people want to register for the Actual Tests Subscription that costs 99 USD... Then again, Iam not that smart ... hehe !

Bug reported ... and screenshot attached below.

Bug1 - Actual tests website, main

Bug2 - Actual tests website, sub-domain

PS: We can offer ACTUAL TESTS a web penetration test if they're interested.

/Quit

2007-06-23T02:25:00.000-07:00

A random line from my arsenal of quotes ...

HE'S A PEOPLE SPECIALIST, THAT'S WHY HE GOT CONNED ! :))

/Quit

2007-05-28T10:56:00.000-07:00

Time for serving today's pwnsauce (morning_wood* tm), hehe !

Just to prove my re-phrasing right in the previous post, www.appinonline.com comes with a few or more XSS, SQL injection, and buffer overflow bugs ... lol !

They got almost 45 patterns of XSS, 5 patterns of SQL injection, including numeric and string input/multiple input types ... They provide security for top companies, and here's a photograph of their great president, Mr.Rajat Khare ...

PS: They provide WEB-SECURITY, AND APPLICATION SECURITY ... WOW !
Wonder how good they're ?? Here's the proof

PPS: It also proves my argument, that all graduates aren't intelligent, not even the ones from IIT.

In the end, we see that, even today ... the cobbler still goes barefoot ;)

This also goes to say, the security product / vendor / service providers themselves need some security to start with ... and who knows, time will tell if this company can survive the harsh lashes from the cruel media...

Reported the stuff to him :)

/Quit

2007-05-25T07:06:00.000-07:00

Quote from "For a few dollars more" , 1960 something ...

In this world where life has no value, death sometimes has it's price...

I tried to rephrase this for Infosec, hehe ! :P

In this world where a computer's data has no value, a break-in sometimes has it's price.

That's why the hackers sprung up ...

The loss of customer/client/consumer, and bad public-relations ... lol, a news brief will be "almost mean the end" of a company in mainstream IT.

/Quit, enough of blaming

2007-05-20T10:04:00.000-07:00

We present to you ... www.usablesecurity.com !

Security blog's XSS ;)

Ironically their page has their last post on "phishing" and "Open ID"...

/Quit

2007-05-20T09:14:00.002-07:00

Presenting the XSS Trio ;)

Site: www.googlefont.com, www.netscape.com, and www.mtv.com
Multiple XSS bugs
Risk: High

Google font - XSS

Netscape XSS

Mtv.com - nice music channel !

XSS is not an ordinary threat anymore which can just bring pop-ups, advanced and planned attacks, XSS worms like the myspace one, and nice shellcodes (like the ones showed by bill hoffman of SPI @ shmoocon are examples of ... sophistication in this area) And we can't forget XSS Proxy ... uauauauauauaua !

/Ph33r to click ...

2007-05-08T04:54:00.000-07:00

Hew Griffith, the ex-DoD council member, has been extradited to the USA for sentencing.
Personally I feel he must have had his chances to serve time in Australia.

Read the full story here...

/Quit

2007-05-03T03:24:00.000-07:00

Quoted from ArsTechnica, a kid got kicked outta school for creating a counter-strike map of the school... sounds funny, but logical as well, seems as though schools are on high alert, after the massacre at Virginia Tech...

/Quit

2007-03-22T18:55:00.000-07:00

Full headers of the phishing email ...

X-Apparently-To: @yahoo.com via 209.191.87.92; Thu, 22 Mar 2007 01:38:34 -0700
X-YahooFilteredBulk: 64.151.53.220
X-Originating-IP: [64.151.53.220]
Return-Path:
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
Message-ID:
From: "service@paypal.com"
Reply-to: "service@paypal.com"
To: @yahoo.com
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--202896902971285"
X-Priority: 1
X-MSMail-Priority: High
Content-Length: 1308

This is a very bad way to send "scam" emails. Honestly no "smart" phisher would send his emails from AOL.com and using Outlook express... Why do all people want Paypal... ??

LOL !

How does this work ?
The phisher redirects the user to his host pointed with the arrow, rather than paypal, and collects data for his "own profit"

Reported to a APWG & F-Secure.

What can you do ? Don't click on the link blindly, take a minute to check the status bar, and copy/paste links on your browser, if you're suspicious of the person who sent this, then send it to reportphishing >at< antiphishing >dot< org

/Quit

2007-03-10T20:07:00.000-08:00

Update from jf -at- danglingpointers -dot- net.

Seems the variable name was googled a bit, and apparently it was a considered a vulnerability, not just a bug... if the wiki was embedded in another frame, the by injecting javascript the attack can occur.So that's what was shown below in the code(see previous blog post).The Authors have anyhow disabled it by default in newer versions of the wiki software.

My bit, is that I have just been digging code decently.We will conclude that I found a bug in OWASP website.(which was considered a vulnerability in the past)

Cheers :)
Kish

2007-03-10T09:08:00.000-08:00

Is OWASP vulnerable ?

Check this out, the code shown above has the variable wgBreakFrames as undefined.

I expect some feedback on the same... Posted to full disclosure list.

The wgBreakFrames variable is vulnerable to injection...
It is confirmed just as a bug, with minimal impact,not a vulnerability.
There could probably be attacks if we could inject javascript in the window.

I would like to thank, jf -at- danglingpointers -dot- net & andfarm -at- gmail -dot- com, for the assistance provided through the Full-disclosure list :)

Full-Disclosure - We believe in it !

Cheers :)
Kish

2007-03-04T21:19:00.000-08:00

Site: www.techworks.in
Multiple XSS bugs
Risk: Medium-High

They're ""Official EC-Council distributor, India""

Full-Disclosure - We believe in it ;)

/Quit

2007-03-01T20:25:00.000-08:00

Originally posted on the 14th of Feb, Yeah, Iam sorry, late by 2 weeks. Still worth a laugh.

Acunetix survey says : 70% of websites, out of it's 3200 scanned ones were vulnerable to attacks.

Then, Network world and it's "go-to-guy" Joel Snyder, a.k.a Security expert, replies back

Thomas Ptacek, a guru at Matasano, gives his take on the issue.

Acunetix gives back some statistics and it's report...

I learnt to laugh like an Italian friend of mine, UAUAUAUAUAUAUAUAUAUAUAUAUA !!
You must try it too ... it's fun to laugh, it's the best way to forget all your worries...

Jokes apart, the truth is conveyed here humorously... You must note that somewhere in the context is mentioned, Acunetix's numbers are low ...

/Ale vide

2007-02-26T00:42:00.000-08:00

Site: www.tcs.com (Tata Consultancy Services)
Multiple SQL Injection/XSS bugs
Risk: Medium-High

The company which can't secure it's site is providing services on Security. WOW !!!
http://www.tcs.com/esecurity => Check this out ;)

SQL Injection - Do you want me to be the DBA ;) ??

Cross Site Scripting - Do you see phishing coming your way ;) ??

I sent an email back in December 2006, they're so responsible not to fix their bugs even after 2 months. I sent the email to their Information Security Manager, Chennai, not to admin/webmaster/or any default address. No response until date (see picture)

Email sent to "Full-Disclosure - We believe in it ;)"

Cheers :)

2007-02-18T06:32:00.000-08:00

Got a reply from them, they want to fix it now :)

My reply for their email.
With this, Iam closing this issue. Seems they've come to terms with me :)

Full-Disclosure - We believe in it ;)

Cheers :)

2007-02-18T04:59:00.000-08:00

Posted to Full-Disclosure list, copied to LegionSec

Full-Disclosure - We believe in it

On a sidenote, this post got dugg !

Cheers :)

2007-02-17T19:47:00.000-08:00

I never expected them to reply but they did ! What a surprise ;)

So here's my reply... to them.

Full-Disclosure - We believe in it

Cheers :)

2007-02-17T13:21:00.000-08:00

Update to my previous post :)

Possibility to fetch files such as /etc/passwd
http://www.flconferences.com/download.php?file=/legionsec_1/archive/LegionSec'06___Vicente.pdf => Example

Click on the above link to see "Function.fopen"

When it lists out "fopen(/hsphere/local/home/flconf/flconferences.com/user_conference/legionsec_1/archive/LegionSec\'06___Vicente.pdf"

What amount of time will it take for an attacker, to manipulate this function and retrieve critical files as /etc/passwd or /etc/shadow

With this kind of information in hand, the extent of damage that can be done is "maximum"

Documentation for Function.fopen from PHP Website.

Full-Disclosure - We believe in it.

Cheers :)

2007-02-17T07:14:00.000-08:00

Advisory by Kishfellow

Site: www.flconferences.com (LegionSec)
Multiple XSS vulnerabilities
Risk: Medium-High

Picture says it all ...

Full-Disclosure - We believe in it.

/Quit

2007-01-10T15:47:00.000-08:00

Whoa ! ... I just can't believe that I got myself a BOSE headfone [considered to be really the best money can buy, for a headfone or any sound equipment]

You have the "Right to laugh ;)" ... >> See this post <<
I don't believe that he is such a geek, he uses V=IR to describe parallel dating ;))
~ Hats off to you bro ~

Cheers :)

2007-01-02T22:45:00.000-08:00

The new HD-DVD [High definition DVD] already cracked ?

Rumors arose early on the new year that a hacker named muslix64 has compromised the encryption called AACS [both blu-ray & hd-dvd use the same encryption]

Read the news brief from three sources :)

NewYork Times - >> Read more <<
ComputerWorld - >> Read more <<
ZDnet - >> Read more <<

On a side note, happy new year to all of you :)

I heard from a friend of mine, that this year starts and ends with a monday, it has the most number of saturdays & sundays... and no public holidays fall on sunday. Hence, this is a new year with least working days according to the anonymous friend who informed me :)

/Quit

2006-12-28T22:38:00.000-08:00

Today as usual I booted in windows 2000 and inspected this "strange" piece of malware [a trojan].

I must really compliment the author of this malware, since he does a good job by deleting important files like mp3,mpeg,pr0n and other illegal stuff that people download off p2p software ;))

Credits fly to you, whoever you are !!

Read more here ...

/Quit

2006-12-26T19:41:00.000-08:00

Santa gave me a lot of gifts for christmas of which two were very good,
so Iam sharing with you people ;))

Trust me, he gave me an oppurtunity to see the power of RainbowTables [ >>Here << ]

Ofcourse, he gave me toys to play too ... Check this out ...

Cheers :)

2006-12-23T10:24:00.000-08:00

I was doing a bit of wifi-hacking recently... playing with toys ;-)

Recommended reading => Blackhat Slides [Laurent Butti and Franck Veysett]

/me (Quit :)

2006-12-20T11:54:00.000-08:00

I've not been with my computer for the last few days ... went out shopping, spotting and doing stuff that I don't do regularly ;)

The surprising thing is I couldn't withstand touching my laptop everyday for emails. . .

I just signed off the internet 8 days ago, and here Iam, back ... Back with a bang ?! Probably.

I just re-energized myself and feels good to be ranting here :)

/Pull D' Plug

2006-12-05T04:22:00.000-08:00

Muscles & Fitness - Training system library is worth every penny you invest in it ...

I just bought the 5 DVDs for 40 US Dollars, I think it's an incredible source for body building.

I'll write more about this dvd shortly ...

On a side note, weight that we gain is reversible ... Lots of things are "reversible" in life, and reversing comes naturally ;)

GPS is having it's gcc toolkit ready. I have been examining the board for a while now, and coding the processor module for nintendo with the opcodes.

If someone needs the opcodes for v831 processor, let me know through email.

Cheers :)

2006-11-06T23:40:00.000-08:00

http://www.videojug.com/film/how-to-fold-a-t-shirt-in-2-seconds

Amazing piece of "work" ... I saw the comments section, and many people complaining about the video's speed. Use the pause button around 10-12 times in the 2 seconds when they show the folding ;)

100% working, try it

2006-11-02T20:04:00.000-08:00

Couple of neat pen-tests were done in the last month. This month I have a mighty big cake in my hand with over a thousand desktops and a few servers, from an organization. ;)

Now about the new reverse-engg project at hand, the GPS unit. It runs on Nintendo processor.

Manufacturer : NEC Corporation
Processor Model : v831
Addn Info: 32 bit Microprocessor

Iam still working on the details of this circuit's datasheet, as of now Iam building a GCC kit for this thingy.

/Ale vide

2006-10-29T09:25:00.000-08:00

Today , thoughts that traverse through my mind almost daily has come to a stop.
Seems there is something I failed to realize ... Yes, I have realized "an important" thing
about life. I slept the whole day and Iam blogging now. The SL33P factor has been missing
for the past few years of my life ... which I think has bothered me enough. So Iam planning
to compensate for my misdoings now ;) ...

/part

2006-10-20T20:25:00.000-07:00

News... warezov variants are making a lot of headlines in AV blogs.

Today being Diwali, here is a traditional way of saying happy diwali to all my friends here.

जलते जगमगाते रहे, हम आपको आप हमको याद आते रहे जब तक जिन्दगी है, दुआ है हमारी "आप चाँद की तरह जगमगाते रहे" दीपों के पर्व दीपावली की हार्दीक शुभकामनाएँ !!!

Ofcourse, I've got my English version too ... ;))

I wish you all a very Happy Diwali and an even prosperous New Year

Then I've got new toys coming my way for a fresh reverse-engineering challenge.

GPS - Global Positioning system , this time is my target. Seems there is some kinda DVD unit that won't play regular DVDs. After the car ecu and tv hacks, I've started to get a firm grasp on embedded stuff and hardware hacking.

I think this project will go well ;)

I will keep you all posted.

Cheers :D

2006-10-18T22:00:00.000-07:00

http://www.gizmodo.com/gadgets/gadgets/mcdonalds-im-lovin-malware-207639.php

Story from Gizmodo on McDonald's malware ;))

Iam loving it !!

/Quit

2006-09-25T20:30:00.000-07:00

This picture was done by Antony Zboralski (for his talk in HackInTheBox 2006.

The people at HITBSec2006 were kind enough to provide Live webcast ;)

I heard the second day's keynote and some talks which interested me in the 2 day conference.

VML Exploit from milw0rm receives a lot of attention as vendor patch hasn't come up yet

The unofficial patch from ZERT is the temporary solution, and I think that team consists of the most elite and respected researchers in security industry.

That's all I got in stock now, actually I have been staying away from my box for a while now ... Since I thought life has more to give / take except this machine ;)

Update: Official patch released out of the microsoft patch cycle, available at update website.

Cheers

2006-09-09T13:09:00.000-07:00

Pshisssssss ... the hell out !
Long time , no blog ... bah, I have been lazy, tht's one reason
Second reason is I haven't done much except reporting and getting keen on phishing.
Here is the report from APWG (Anti-Phishing Working group) for June06.

Oh, we can't forget Patch Tuesday's advance bulletin
Here is an interesting thread a new set of API's for Java
That's it for now

/quit :)

2006-08-04T12:00:00.000-07:00

Hierarchy of Piracy

The above diagram shows how software is pirated schematically ...

Cheers :)

2006-07-16T02:22:00.000-07:00

Things I can think of now ...
Microsoft Bulletin (came out 4 days before ... already ppl will be diff'ing patches)
Post on browser bugs from hdm
Then the Anti-Malware Team at Microsoft releasing a whitepaper
Picture of the Anti-Malware Team

Ahh... I almost forgot Italy's World Cup victory over France and about the
"disgusting" words spoken by Materazzi. Zidane's head butt had a lot of press
attention. According to French Coach Raymond Domenech "To me
Materazzi is the man.... He not only uttered those words and sent
our best player packing, but also scored an extra goal and helped
Italy win the world cup"

Ye, we can understand why he said he scored the "extra-goal".
At the near end of the match in the second period of extra-time the french
players were really pushing it hard and almost scored a goal ...
suddenly zidane's head butt and the rest is history ... it went to
penalties and the italians won on penalties. For me this world cup was
less convincing than the 2002 world cup for the sheer fact of the dives
(all hail van bommel)/unfair play (do u remember a banner called "My play is fair play ??")
/inconsistent referees(Portugal v Holland) and ofcourse the materazzi-zidane issue.

I bought a new laptop with very nice specs. That's some good news :)

/quit for now

2006-06-10T21:36:00.000-07:00

Iam NOT the only one who cries over spilt milk.... ;'-(

I have got over what has been troubling me for almost a month or two.... I got over the fact that Iam not the only one who looks back at a good friend who is no more mine and I deserved it for sure.

Okay what's new in the scene ... Let's see ...

First off we've got the FBI raiding underground servers
Next we've got the usual punkz at school doing their grades away !
Microsoft are releasing what seems to be like "12 ?!" patches

I guess the folks at nCircle wouldn't be sad this time ;-))
Just looking ahead to a busy patch tuesday for him and his team ... so...so day for the sys-admins as well

/quit

2006-06-02T03:48:00.000-07:00

Antivirus vendor Sophos has cracked the password for the Ransomware Archivieus.

Read the full story at Vnunet

2006-05-27T16:43:00.000-07:00

The Da Vinci code "mobile-virus" ? Still unsure of what's going on because I haven't seen anyone in Chennai report anything or maybe they do...If someone is infected, consider sending me a sample because I'd like to have it :-))

Courtesy: MiDDAY magazine.

2006-05-14T08:17:00.000-07:00

"Hardcore" Body building is what Iam going to be concentrating for a change side-tracking my security saga which has been going on for 5 yrs.

I want a break and Iam finally working out and eating like a beast ...to be precise
Iam trying to become a HUNK :-))

6 meals a day and 3 protein shakes ... Am I crazy ?? No ... Iam serious abt building myself like a beast.

Iam planning to gain say around 10 kilos in 3 months, ofcourse all this can't be done without a good protein intake. Iam using Creatine Monohydrate, and another supplement with L-Glutamine.

Oh, I almost forgot about WHEY ... hehe, I use that too... Hope I'd not die of renal failiure...lol

Cheers :)

2006-05-05T08:19:00.000-07:00

http://blog.ncircle.com/archives/2006/05/certifications.htm

nCircle team's blog had this post and an e-week news-brief based on which this was written and it's makes for a good read if you're having ur tea in hand like me at midnight... lol

Cheers :-)

2006-04-30T11:35:00.000-07:00

TV cards people ... It's time for new action as I have gone chasing the card model from Nagra systems for TV.

The card model is ST19XL18... I have figured out a new way of dumping the eprom. The card's memory is having several roms. (3 ROMs and 1 EEPROM) The whole thing is about DSS hacking. Sadly there's no DSS in Chennai, only cable TV

I got lucky when I met a 24 yr old from Portugal who asked me for help and it's really cool to know that weak crypto algos like DES are still used in TV cards. The whole aim to do all this to see more/all channels for FREE

We have finally made it ... he was happy and so am I... I learned something new and new hardware to play with.
The best part was all this was done remotely with me just supervising about the hardware/cables/connectors and the binaries were sent to me by email. He co-operated with me a lot and Iam proud that we did all this within 1 week. Hehe ;-))

Given below is a small working of our old 64-bit algo.
>> A short write up on DES by the Matthew Fischer <<
Courtesy: Zone-H.org

Cheers

Update: If anybody wants the ST-7 opcodes email me

2006-04-20T01:48:00.000-07:00

Rediff website has introduced a service/page for searching the approximate air fare for cities inside India only. The service is still beta and it's named Faresearch.

You can check out >> the service here <<

I found this while checking my mails in my almost extinct rediff a/c :))

Cheers

2006-04-18T20:29:00.000-07:00

Car engines are amazing and they can be more fun sometimes, but paining as well.

To know their details can be fun, but to draw maps of their connections can really be a pain in the ... well , it's happening now and I accidentally sleep these days just too much unusually. So time is still one step ahead of me.

Car and computers are inter-related and I knew how only from ... some kind ppl who told me the things written below :-)

As technology advanced, so did the electronics that go into cars. The ECU in a modern automobile, together with advanced engine technology, makes it possible to control many aspects of the engine's operation, such as spark timing and fuel injection. The ECU may also control valve timing, boost control (in turbocharged engines), ABS, the automatic transmission, and the electronic stability control system. All western cars like Nissan/Volvo/BMW/Skoda/Renault that have been manufactured after 1996 have ECU in them. The first ECU was seen in early 1970 as per Wikipedia. ECU means Electronic control unit or sometimes, called Engine control unit.

My Embedded RE project has something do with the ECU only :-))

2006-04-05T08:34:00.000-07:00

Twenty dont's for ASP developers
The article is precise and exactly to the point , making it more easier to read and understand.
It's a must read for all developers who use ASP.

Courtesy of Security Focus

Regards

2006-03-30T23:05:00.000-08:00

Okay, it's been almost a week or more since I blogged.

Iam now in kolkata and Iam here for a kewl project.I like the city, I have been here for 3 days and to be very frank I like this place ;)

I have mapped several ideas for working on the project and I have temporarily stopped analyzing malware because this project is really sophisticated than the former. It's an embedded RE project.

I'll update what Iam doing periodically ... if I have time.

Regards

2006-03-15T15:16:00.000-08:00

MS Malicious code removal tool update for march includes W32/Atak, W32/Zlob and W32/Torvil

Get it here
(note: this tool is not a continual defense product like anti-virus or firewall product,it can be run on-demand)

Regards

2006-03-12T15:11:00.000-08:00

The VM Rootkits : Next big threat to security ??

MS Research team has come up with a rootkit which can defeat virtual machine technologies like vmware/ms-virtual pc. They seem to have tested the PoC code on a linux/vmware and a windows/ms-virtual pc. Get the full story here

Regards

2006-03-02T14:06:00.000-08:00

Is Google the next Big Brother ??

The above mentioned article makes for an interesting read and it spits out the facts of why/how Google could be potentially dangerous in the future not only for Microsoft but also to the common internet user like me or you.

The invasion of email privacy is one key point to be noted by all Gmail fans out there.

I have no comments regarding this Gmail issue because I use Yahoo mail.

Regards

2006-03-02T07:07:00.000-08:00

Regarding the OS X 86 Maxxuss has successfully ported the system long time back and is now producing patches in a race with Apple, I spotted that the issue of dual booting OS X / Win XP will soon be accomplished.
More info about this can be had from this website

Meanwhile we must not forget that still some computers in the world are infected with Nyxem.e which will activate its payload on the 3rd of every month. I heard from some sources near me indicating a meagre rate of infection still existing here.

/quit

2006-02-27T00:41:00.000-08:00

An Auditor from Deloitte & Touche,USA has lost an unencrypted CD beleived to be containing important information of current and former McAfee Employees. Around 9000 employees' social security numbers, information of stock holdings and other important info has been lost.

A Deloitte representative confirmed this incident had taken place on Dec.15 and McAfee were informed on Jan.11 almost a month after the incident had occured.

Read the full story here

2006-02-26T14:41:00.000-08:00

Feels good to have gone bug-hunting after a long time. I found a couple of buffer overflows in a prominent software in just a matter of 2 hrs !!. The POC Code will not be released. I have contacted the vendor and prefer not to elaborate on the details of the same as malware authors are waiting to prey in such situations ;-))

Life seems to be fast these days and time alwayz is one-step ahead of me ... I hope to change this situation soon.

Regards

2006-02-19T01:39:00.000-08:00

Apple proxy ?? Apple's site mac.com has a redirection facility which attackers "can" use to their advantage.

Check this out : http://www.mac.com//redirect/http://www.hotmail.com

The above crafted URL is just a example,instead of hotmail it could be "any" dangerous URL perhaps a scam.

Regards

2006-02-16T14:02:00.000-08:00

OS/X Leap.a - First power pc malware found in the wild.

Read more from the source

You can get F-Secure's analysis here.

Does this mean Mac is becoming more popular with the latest collaboration between Apple and Intel ???
Yes,it's becoming prominent and malware authors are targetting it for a change ;-))

Regards

2006-02-07T06:48:00.000-08:00

The muslims have once again started defacing websites, and posting political messages against denmark... More news on the issue can be had from here . It's strange why denmark had to say anything ...and why this new wave of cyberwar against the two had to arise..??

It's just in it's budding stages, and more attacks are likely to be seen in the future. These things remind me of the all-famous Yaha worm and their variants which wreaked havoc in Pakistani ISP(s). Indians and pakistanis were dueling each other a while ago from 2001 or so and still it is continuiing ...for a reason called "Kashmir"

IMHO a Cyberwar between any two countries on political grounds is un-necessary. This is not any good because true patriots know how to fight by conducting, campaigns / speeches etc instead of trying to attack one's digital possesion.

Why try to mess with one's digital privacy when there are governments and other departments under them trying to bridge these issues smoothly.

Regards

---[Disclaimer]---
This post is just my view and it's not meant to be Indian's view or pakistan's view or whatever. Iam against racial /communal feelings. Everybody is a human and they deserve what they actually do ... Neither me nor my host (blogger.com) can be held liable for any misconception of what is expressed in this post.

2006-02-03T14:55:00.001-08:00

We need to compete for knowledge and wisdom, not for grades. Knowledge is piling up facts, wisdom is simplifying it. One could have good grades and a degree without learning much. The most important thing one can learn is to "learn to learn." People confuse education with the ability to memorize facts. Education of the mind without morals creates a menace to society.

Who is really educated ??

In a nutshell, educated persons are those who can choose wisely and courageously under any circumstances. If they have the ability to choose between wisdom and foolishness, between good and bad, between virtuousness and vulgarities, regardless of the academic degrees they have, then they are educated.

Expert ?? An expert is someone who knows all the answers if you ask the right questions.

Taken from Shiv Khera's book = You can win :-)

Still reading the book ... More to come ...

Regards

2006-02-03T14:46:00.000-08:00

To give you an example of selective listening, let me share with you a story I heard about a medical doctor who was invited as a guest speaker to address a group of alcoholics. He wanted to make a demonstration that would be powerful enough to make people realize that alcohol was injurious to their health. He had two containers, one with pure distilled water and one with pure alcohol. He put an earthworm into the distilled water and it swam beautifully and came up to the top. He put another earthworm into the alcohol and it disintegrated in front of everyone's eyes. He wanted to prove that this was what alcohol did to the insides of our body. He asked the group what the moral of the story ??

And one person from behind said, "If you drink alcohol you won't have worms in your stomach."

Was that the message? Of course not. That was selective listening--we hear what we want to hear and not what is being said. Many of our blessings are hidden treasures--count your blessings and not your troubles.

Taken from Shiv Khera's book = You can win :-)

Iam still glued to this piece of plethoric values ...

Regards

2006-02-03T13:08:00.000-08:00

There was a man who made a living selling balloons at a fair.
He had all colors of balloons, including red, yellow, blue, and green. Whenever business was slow, he would release a helium-filled balloon into the air and when the children saw it go up, they all wanted to buy one. They would come up to him, buy a balloon, and his sales would go up again. He continued this process all day. One day, he felt someone tugging at his jacket. He turned around and saw a little boy who asked, "If you release a black balloon, would that also fly?" Moved by the boy's concern, the man replied with empathy, "Son, it is not the color of the balloon, it is what is inside that makes it go up."

The author's insight: What's inside us matters,"the attitude" that makes the difference between losers and winners...

Taken from Shiv Khera's Book = You can Win(best selling title) :)

It also brings to mind the saying "IT'S THE ATTITUDE,NOT THE APTITUDE THAT DETERMINES ONE'S ALTITUDE"

Regards

2006-01-27T19:23:00.000-08:00

According to Security Focus news Nyxem.e/Blackmal.e/MyWife.e is spreading rapidly in India,Turkey,Italy ...
Read more about the news article here

This came up shortly after I posted my views/rough analysis of the worm.

Update: F-Secure has released a disinfection utility called F-Force for Nyxem.e

Regards

2006-01-27T03:31:00.000-08:00

Nyxem.e is a mass mailing worm, it sends the attachment, with filetype bhx(which actually is the worm). I was not surprised when a institute where I had studied was infected with the worm. (No anti-virus installed either) So the possibility of infection was very high. I won't be wondering if the worm spread to all their students' email and inturn their friends / contacts.

Some behavioral details

1)Coded in Microsoft Visual Basic, it uses remote shares to spread itself
2)Nasty payload: Deletes the file of the following filetype *.doc/*.xls/*.mdb/*.mde/*.ppt/*.pps/*.zip/*.rar/*.pdf/*.psd/*.dmp
3)It poses to be a winzip file (which is more threatening)
4)It escapes from anti-virus vendors as it's kinda mydoom's design by avoiding sending the emails to their domains.
5)It also kills the following services(anti-viruses)
SYMANTEC/SCAN/KASPERSKY/VIRUS/MCAFEE/TREND MICRO/NORTON/REMOVAL/FIX

So even if the institute I mentioned had a Anti-virus, it might have only one of the leading av's and this makes the installation of anti-viruses futile.

I was particularly interested in this one because it's payload was to delete almost all essential files on the harddisk on Feb 3 or 3rd day of any month.This is aided by the running of a exe called update.exe is loaded into memory.(update.exe is created by the worm)I haven't fully analysed the worm.

I have just outlined some of the key features which make it deadly.

Regards

2006-01-24T23:14:00.000-08:00

Yo... I have been playing with some old samples recently.. Iam also linked with a upcoming security firm in my city,where I might secure a job for myself for good ;-)

That's all I have in stock for now :-)

Regards

2006-01-09T20:23:00.000-08:00

My primary 40gig hdd crashed and it was declared unusable by me as soon as I got a couple of Data Read/Write errors.(also accompanying these two was the CRC Error for the hdd). I still wanted to try to make it re-usable instead of throwing it ... Hoping to make something happen I installed Win2000 SP4 and a Vmware image. As soon as I started working ... I again get these bsod(errors as mentioned above). I finally format it again fully and I won't throw it ... but I will have it as a souvenir/my memoir or whatever I feel like calling it ... Iam planning to buy a 10-20gig hdd to get back the setup for working on vulns/malware.

Pray for my new hdd's health...

Regards

2005-12-26T13:43:00.000-08:00

Ho!! Ho!! Ho!! ...0wning the Cisco IOS , BlackHat USA 2005 ;)

Courtesy: Google.com,Schneier.com.

---[News]---

In his blog www.schneier.com/blog, Bruce schneier,a security guru gives his review on how cisco were/are harassing former ISS Security Researcher, Michael lynn. Mr.Lynn had quit his job to present the paper in Blackhat USA '05.

Security Guru gives his clear view of what happened to Mike.

---[Audio File]---

Audio of a Press Conference at BlackHat USA 2005 over Cisco and Michael Lynn

This press conference was held during BlackHat USA2005 on Jul 28 with Michael Lynn and Jeff Moss attended. All parties which involved were invited but Cisco and ISS didn't participate.

Here's MP3 audio of the press conference. 37 min.

---[Video file]---
"Someone" posted a video of BlackHat USA proceedings page ripping process by Cisco sent staff.
Download the video here(QuickTime format)

---[Disclaimer]---
I haven't uploaded any content mentioned above.Iam just giving pointers for other people to know what is really available in the Internet.Neither I nor my host(blogger.com) will be liable for any of the actions of the readers.

Regards

2005-12-26T13:02:00.000-08:00

Get my tut on Circumventing CD-Checks from protools.cjb.net maintained by Kaparo.

Regards

2005-12-26T12:37:00.000-08:00

Get my Basic Overview of Reverse engineering from protools.cjb.net maintained by Kaparo.

Regards

2005-12-26T01:40:00.000-08:00

Blog is mainly about reverse engineering/hacking/coding malware and countermeasures for the same. I will sometimes rant in a semi-conscious or rather an oblivious mood ... which is left to the reader to take it / ignore it ...

---[Disclaimer]---
The author of this blog / web-log is a Security enthusiast who is interested in Security,any form of digital security...Ranging from Wired/Wireless Network to mechanisms like Smart card systems/Game console Protection/Casino's Poker machine security, etc...The author is driven by the curiosity to explore the innards of anything/everything using any means possible...

The author uses the term hacker throughout this blog from the view of a penetration tester/data mangler/you name it ... ;-)

The views expressed on this blog are my own unless stated otherwise...

Cheers :)