Day by day…

UK – 4 private detectives in jail because of Apple laptop, sold online.

In 2008 a Soca officer answered an online advert to buy Summers’ Apple computer. From its hard drive – which Summers had failed to wipe properly – computer forensics experts were able to obtain dozens of incriminating emails and other documents….

By BBC UK article 

btw, thx Mikko Hypponen for tweet

Again – security is an issue, when You doing something sensitive.. Make sure You know how to deal with it. If no – find a professional, that will save You money and lifetime.

Today on my mobile (iPhone) got Safari message from domain obnovlenie-brausera.com, that unable to rid of it it require to install something on my mobile, claiming to be “Safari update 6.5″
Since my phone not working with Russian at all, looks like a malware? Jar archive attached. (remove .txt at the end to get original file)

Virustotal report 22/42 of file, SMS Fraud app.

Be aware!

 upd: Not than new, looks like, spreading for about a week.

See here for more details:

http://support.clean-mx.de/clean-mx/viruses.php?ip=93.170.107.60&sort=firstseen

btw, ssh port open, nmap fingerprint it as OpenSSH 5.1p1 Debian 5 (protocol 2.0).

Got exploit to try? )

Today Dimitris Glynos released bug that affect my favorite IM client Pidgin with OTR plugin.
It require user-level access for attacker to listen to DBUS messaging of victim.

Interesting fact is that vuln was reported about 2 month ago to development team, and no update since…

Is it mean that Pidgin development finished?

upd1: You can try to reinstall pidgin from tar with   --disable-dbus option in ./configure script, or wait for solution from developer.

Recent attack vector on WPA devices via WPS (WiFi Protected Setup) by Stefan Viehböck finally got implemented with reaver-wps tool that allow attacker in matter of hours reveal all data needed to connect to Your network.

For now, according to US-CERT, no known solution implemented, except disabling WPS on those devices who have option to disable it.

Found interesting set of tools by GMG Systems, Inc – FAU or Forensic Acquisition Utilities

It toolkit of few utilities for Windows systems (support from Windows 2000 till recent Windows 7 & Windows Server 2008), that provide basic tools for interacting with evidence machine. From  George M. Garner Jr. (author) website:

What’s included in this release:
Included in this release are x86 and x64 versions of the following modules:
1.      Dd.exe:  A completely new implementation inspired by the popular GNU dd utility program.
2.      Volume_dump.exe: An original utility to dump volume information and drive information and USN journals.
3.   FMData.exe: An original utility to collect files system metadata, to produce and verify security catalogs (cryptographic hash sets) using one or more cryptographic hash algorithms and to verify system binaries using the system file checker (SFC) API.
4.      Wipe.exe:  An original utility to sterilize media prior to forensic duplication.
5.      Nc.exe:  A completely new implementation of the popular Netcat utility inspired by the original version created by Hobbit.
6.      Zlib.dll:  The latest version of Jean-loup Gailly and Mark Adler’s Zlib (currently version 1.2.3).
7.   Bzip2.dll:   The latest version of J. Seward’s bzip2 library (currently 1.0.4).
8.   Boost_regex-vc80-mt-1_34_1.dll: Boost’s regular expression library.
9.   Fauerror_xxx.dll: A series of dynamic link libraries (dll’s) that contain the localized language strings for FAU output.  There is one dll for each locale supported by the FAU.

For those who looking for some special features (like no access to local drives by default from all presented tools) – see remarks on offsite.

There is old saying: “..the speed of the whole fleet must be reduced to that of its slowest ship”. Same in security – security of the facility is reduced by it’s less secure part.
Yes, I understand that sometime it just not worth to implement IPS for 2 Win98 computers that run DOS application which manage old accounting system bla bla bla…
But if this is kiosk computer with wireless network, that available in lobby 24\7 and since it Win XP and wireless card driver only support … guess? Exactly, WEP64 or WEP128
Even if key is not A1A1A1A1A1, even if SSID is hidden, even if MAC filtering is enabled… – still it a matter of minutes to break in.
In price of 100$ security can be raised to Enterprise standards, without re-developing, changing stations etc… Just find the proper specialist.

One of major’s Tor disadvantage is its major advantage – strict anonymity. Sometime entering onion link, You don’t know where it will lead You. As a result – You may see terrible things, which literally force You to dream about these days when You (or someone else) will castrate the owner and participants of this “portal”…
Was looking for Hidden WIki, suddenly redirected to some resource…
Damn motherfuckers, hope you’ll burn… alive, and only then – in hell.

Welcome back, Sergey!

News on Business Week

Easy? Sources of PCAnywhere that leaked were from 2006 (as claimed by both sides), Symantec got time to react, but:
Johnathan Norman aka spoofy released DoS code for patched versions of PCAnywhere, and, I am sure, there are more stuff in sources that will stay away from public for long time…

Well, recently I’d created test .onion website, just to make sure I know how to.

What is key benefits?

1. Not hard installation at all – couple of CLI commands & few changes in config files.

2. In case UPnP supported and enabled* (usually by default)by Your router – well, You done. All is working

3. You got nice unique web address for Tor network: something like ajnob43eaf1xzmnp.onion

You can easily switch it to regular address and access without Tor  by using tor2web service – just add tor2web.org instead of onion in link:

ajnob43eaf1xzmnp.tor2web.org

4. You don’t need an regular no-ip service in case Your IP is not static, no pointers, DNS registrations, records maintaining etc – plug and play. As a result – it can be placed anywhere, and hardly detectable, since no additional configuration needed and network packets flow require proper tool-set and skills to be detected.

5. Finally – it’s Tor, its cool! )

Well, as a result – looking forward for some tor-based hidden surveillance device that can be plugged-in to free active RJ45 in janitor’s room (don’t forger to clone MAC from some old network printer You’ll see on Your way in (or maybe You know it Your recent Homework from another subnet of same facility?) and available thru anonymous network  to begin internal attack ? For legal purposes only, of course!!

Actually, got one near me now, based on old Sony VAIO VGN series Laptop with no lights on (smashed badly)

* You certainly in trouble from security prospective, but who cares, right?