Archive for March, 2009

Honeynet Project Discovered a hole in Conficker

Researchers at The Honeynet Project have discovered a flaw in Conficker that makes infected hosts easy to detect. Conficker makes changes to the infected Windows host that can be detected remotely, and the detection method has already been integrated into several popular scanning tools.

Members of the Honeynet Project found that Conficker-infected hosts respond with a distinctive error code to specially crafted RPC messages. The detection method is now available in updated versions of several scanners (Nessus, nCircle, Qualys and Nmap) and can be used to find infected machines and contain Conficker's spread.

"Know your enemy and know yourself and you can fight a hundred battles without disaster" (Sun Tzu). So go ahead and check your networks against Conficker.
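As an added example (not from the Honeynet Project or this post), the script below builds the Nmap command line that runs the smb-check-vulns NSE script, which gained a Conficker check in Nmap 4.85BETA5, and parses Nmap's text output to list the hosts it flags. The scan output embedded in it is constructed, not a real scan, and the host-line parser handles only the bare-IP form of Nmap's host header. Later Nmap releases split this check out into smb-vuln-conficker.

```python
"""Triage nmap smb-check-vulns output for Conficker-flagged hosts.

Added example, not code from the Honeynet Project or the blog. It assumes
Nmap with the smb-check-vulns NSE script; the scan itself is run by the
caller, this script only builds the command and parses the text output.
SAMPLE_OUTPUT below is constructed, not captured from a real network.
"""
import re
from typing import Dict, List


def nmap_conficker_command(targets: List[str]) -> List[str]:
    """Argument vector for an nmap run that probes 139/445 on the targets
    and runs smb-check-vulns in safe mode (skips checks that may crash hosts)."""
    return ["nmap", "-PN", "-T4", "-p139,445", "-n", "-v",
            "--script=smb-check-vulns", "--script-args=safe=1", *targets]


# Host header as printed by Nmap 4.x ("Interesting ports on X:") and
# Nmap 5+ ("Nmap scan report for X"); only the bare-address form is handled.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (\S+?):?$")
# Verdict line emitted by smb-check-vulns inside "Host script results".
CONFICKER_RE = re.compile(r"^\|_?\s*Conficker:\s*(.+?)\s*$")


def parse_conficker_results(output: str) -> Dict[str, str]:
    """Map host -> Conficker verdict string, walking Nmap's normal output."""
    results: Dict[str, str] = {}
    host = None
    for line in output.splitlines():
        stripped = line.strip()
        m = HOST_RE.match(stripped)
        if m:
            host = m.group(1)
            continue
        m = CONFICKER_RE.match(stripped)
        if m and host:
            results[host] = m.group(1)
    return results


def infected_hosts(output: str) -> List[str]:
    """Hosts whose verdict contains INFECTED, sorted for stable reporting."""
    return sorted(h for h, v in parse_conficker_results(output).items()
                  if "INFECTED" in v.upper())


# Constructed sample in the shape of Nmap 4.x output; not real scan data.
SAMPLE_OUTPUT = """\
Interesting ports on 192.0.2.10:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: NOT VULNERABLE
|  Conficker: Likely INFECTED
|_ regsvc DoS: NOT VULNERABLE

Interesting ports on 192.0.2.11:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
|  smb-check-vulns:
|  MS08-067: VULNERABLE
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT VULNERABLE

Interesting ports on 192.0.2.12:
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
"""

if __name__ == "__main__":
    print(" ".join(nmap_conficker_command(["192.0.2.0/24"])))
    for h, verdict in parse_conficker_results(SAMPLE_OUTPUT).items():
        print(f"{h}: {verdict}")
    print("infected:", infected_hosts(SAMPLE_OUTPUT))
```

Run stand-alone it prints the command to use against a subnet and the per-host verdicts for the constructed sample; pipe a real scan's output into parse_conficker_results to get the list of hosts to isolate. Hosts that never reach the script stage (filtered ports, as in the third sample host) produce no verdict and must be treated as unknown, not clean.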


Conficker.C Overview

Researchers at SRI International have updated their Conficker paper with a very useful analysis of the Conficker malware.

The latest variant, referred to as Conficker C, leaves as little as 15% of the original B code base untouched. The main purpose of Conficker is to provide its authors with a secure binary-updating service that effectively gives them instant control of millions of PCs worldwide.

Through these encryption methods, Conficker's authors have taken care to ensure that other groups cannot upload arbitrary binaries to the infected drone population. These protections cover all of Conficker's update channels: Internet rendezvous-point downloads, buffer-overflow re-exploitation, and the latest P2P control protocol.

Conficker's authors have devised a sophisticated encryption protocol that is generally robust to direct attack. The three crypto-systems they employ (RC4, RSA and MD-6) share one underlying commonality: all three were designed by Ron Rivest. The discovery of MD-6 in Conficker B is highly unusual given Conficker's own development timeline, since MD-6 had been published only months earlier.
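To make concrete what "cannot upload arbitrary binaries" means, here is an added example (my own, not Conficker's code and not taken from the SRI paper) of a hash-then-sign update channel of the kind the paper describes: the author hashes the payload, encrypts it under that hash with RC4 and signs the hash with the RSA private key; a drone recovers the hash from the signature with the public key, decrypts, and accepts the payload only if it hashes back to the same value. Stand-ins, all for illustration: SHA-256 replaces MD-6, RC4 is implemented inline, and the RSA is a small textbook key generated in the script with no padding. The update bytes are constructed.

```python
"""Signed, encrypted update channel: a simplified hash-then-sign scheme.

Added example, not Conficker's code and not from SRI. Stand-ins: SHA-256
replaces MD-6, RC4 is implemented inline, and RSA is textbook (no padding)
with a small key generated by Python's non-cryptographic random module, so
this is for illustration only. The 'update' bytes are constructed.
"""
import hashlib
import random

HASH_LEN = 32  # SHA-256 digest length; the digest doubles as the RC4 key


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling plus keystream XOR; encryption and decryption are the same op."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and odd
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Returns ((e, n), (d, n)). Tiny textbook key: demonstration only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def package_update(payload: bytes, priv) -> bytes:
    """Author side: hash the payload, RC4-encrypt it under the hash, RSA-sign the hash.
    Blob layout (my own, not Conficker's): signature || ciphertext."""
    d, n = priv
    h = hashlib.sha256(payload).digest()
    siglen = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(h, "big"), d, n).to_bytes(siglen, "big")
    return sig + rc4(h, payload)


def verify_update(blob: bytes, pub):
    """Drone side: recover the hash from the signature, decrypt with it, recompute.
    Returns the payload, or None when the signature or the hash does not check out."""
    e, n = pub
    siglen = (n.bit_length() + 7) // 8
    sig, ct = blob[:siglen], blob[siglen:]
    h = pow(int.from_bytes(sig, "big"), e, n).to_bytes(siglen, "big")[-HASH_LEN:]
    payload = rc4(h, ct)
    if hashlib.sha256(payload).digest() != h:
        return None
    return payload


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    update = b"constructed update binary, not a real Conficker payload"
    blob = package_update(update, priv)
    print("genuine update accepted:", verify_update(blob, pub) == update)
    foreign = package_update(b"a rival group's binary", rsa_keygen()[1])
    print("update signed under another key rejected:", verify_update(foreign, pub) is None)
```

Run stand-alone it packages and verifies a constructed update, then shows a blob signed under a different key being rejected. Anyone can push bytes into the rendezvous points, but without the private key a rival cannot produce a signature that decrypts to the hash of their own binary, and a random signature yields a key whose decryption does not hash back, which is the property the post describes. The textbook RSA here is only acceptable because the hash is recomputed over the decrypted payload; a real deployment would use padded signatures and a modern hash and cipher.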

Figure: Conficker functional thread overview

Source: [SRI International]


BIOS rootkit infection

Researchers at Core Security Technologies have demonstrated a new rootkit that cannot be removed by formatting the hard disk: the malicious code is injected into the lowest level of the target machine, the BIOS firmware, so it lives outside the operating system and the disk entirely.

They implanted the code on two computers, one running FreeBSD and the other Windows. Even after reinstalling the operating systems and replacing the hard disk, the malicious code remained on both machines; only reflashing the BIOS with a known-good image gets rid of it.

The presentation is available here.


Hackers are making the Mac a 'first-class target' for Metasploit toolkit

Two well-known Mac hackers are updating a widely used hacking toolkit, making it easier to take control of a Macintosh computer.

Over the past few days, the researchers have been quietly adding new software to the Metasploit toolkit, used by security researchers and criminals alike. Metasploit already supported Mac attacks, but until recently the Mac code hadn’t been as good as Metasploit’s Windows and Linux tools, said Dino Dai Zovi, an independent security researcher who talked about the new tools with his collaborator Charlie Miller at the CanSecWest conference Friday. “Our goal was to make Mac OS X a first-class target for Metasploit.”

Metasploit is an open-source toolkit that makes it easy for hackers to launch a barrage of attacks against a computer system.

Miller and Dai Zovi earned fame in previous years for hacking Macintosh computers at CanSecWest’s annual Pwn2Own hacking contest. On Wednesday, Miller, a researcher with Independent Security Evaluators, won US$5,000 and a Mac laptop by using a previously unknown Safari vulnerability to hack into a Mac system.

They have also ported a Windows tool, called Meterpreter, to the Mac. Meterpreter is a stealth tool that can be used to gain information from and import more software onto a hacked computer.

In the next few days they plan to add exploit code to Metasploit for a handful of previously patched Mac software bugs. Exploit code must be used to first hack into the computer before any payload software can be installed.

Although there are still many more exploits available for Windows software than for Macs, the new payload code means there is now “more or less the same functionality if you want to target a Mac box or a Windows box,” Miller said.

The presentation is available here and you can find more here.


BBC team exposes cyber crime risk

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.

The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers.

Almost 22,000 computers made up Click’s network of hijacked machines, which has now been disabled.

The BBC has now warned users that their PCs are infected, and advised them on how to make their systems more secure.
You can find more here.


Damn Vulnerable Linux – DVL – Another VA Platform

Damn Vulnerable Linux is another interesting platform for penetration testing and vulnerability assessment. It was created for training IT security professionals during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and Secure Software Engineering, in cooperation with the French Reverse Engineering Team.

It is freely available for download here: Damn Vulnerable Linux

You can find more about it on the official site.

Damn Vulnerable Linux (DVL) is for educational purposes only!


Golden rules of safe internet shopping


A very interesting article by Andy Dalrymple, managing consultant for information risk management at Global Secure Systems (GSS), gives twelve golden rules for shopping online safely.

You can find the tips here.


How to Design a Security Strategy

A very interesting article that explains why, despite spending millions of dollars on technology, many companies fail to create a secure environment:

We often hear from CIOs who are frustrated by the amount of money they allocate to security projects and technology, compared to the results they achieve. In some cases, executives perceive that security seems to worsen even as spending increases. The reasons vary, but the root cause usually is the same: the lack of a well designed, enterprise-wide security strategy.

What’s needed is a comprehensive security strategy that clearly defines the current state of the security environment and aligns with business objectives for the next three years.

The first step in designing a security strategy is to understand the current state of the security environment. That may seem obvious, but many companies skip this critical step.

The whole article, with its diagrams, is here.
