That's right folks, the search behemoth has released a web browser! It's fast, it's sleek, and it does some pretty cool things. The default start page is a replica of Opera's Speed Dial interface, which is nice. It has reinvented the way tabs work, moving the address bar below the tabs; meh, not too impressed with that one, but ok. It's at least different, and some people might really like it. There are some pretty cool about: page easter eggs. It's *very* fast: with the WebKit engine, pages load tremendously quickly, and it seems to be very good about rendering pages properly (unlike IE; yeah, sorry, still haven't fixed the crap that's broken with this page in IE, but hey, you could always use a better browser).
Sounds pretty good, right? The people that make everyone's favorite search engine are now out to provide a good, solid browser that will let people use the web in a new, innovative way. Great! Good job, Google. We appreciate it.
By the way, there's already a denial of service for it. Click here for a demonstration, and here is the explanation. Nothing big: it won't crash your computer and it won't spill any data, it just crashes the browser. Happy browsing!
SQL injection has been in the pen tester's toolkit for a long time now. In the early days it was very easy, because very few people gave any thought to the security of their web applications, but lately it's becoming more difficult. As more people become aware of the dangers of unprotected code, more ways of preventing SQL injection are being put into practice. Of course, there are still plenty of holes; they just take a bit more technical know-how to exploit.
Two whitepapers have been released recently describing more complex methods of performing SQL injection. The paper entitled Deep Blind SQL Injection by Ferruh Mavituna describes an involved method of retrieving data from certain database servers (MS SQL and Oracle are named in the paper, though others may fall victim to the same type of attack). His method uses differences in time delays to speed up blind SQL injection: rather than asking one yes/no question per request, the length of the delay the server is told to wait carries several bits of the answer at once. It is still much slower than the tried and true ' or 1=1 -- string, but it works in environments where that does not, namely where the application shows you neither query results nor error messages.
Discovery and Fuzzing for SQL Injections with Web 2.0 Applications, from Blueinfy AppSec Labs, explores the more specialized problem of finding the database calls behind Web 2.0 apps by evaluating the JavaScript in the page and the traffic to and from the HTTP server. This approach is about discovering and fuzzing the JavaScript-driven HTTP requests rather than injecting SQL directly, and it opens a new attack vector against Web 2.0 applications.
Both are fun papers to read and cover methods you may not already be familiar with. Good input.
Python is one of those languages that people either love or hate... wait, that's all programming languages. Anyway, I found this wiki that has snippets of some pretty useful things to do in Python. Included are how-tos on opening and writing to files, both ASCII and binary, working with email, XML, web programming, SVN, Linux shells, SQLite, and more. It's a pretty handy thing to have around, just in case you ever start a project that requires you to do something in one of these areas. It may not teach you everything about working with whatever you're looking up, but it'll give you a jump-off point anyway. Plus, it's a wiki! If you know of a useful snippet that isn't there, add it!
A lot of buzz has been put out by Microsoft about how secure they made Vista. With Address Space Layout Randomization, which randomizes where a program's stack, heap and libraries land in memory so an exploit can't count on fixed addresses, and Data Execution Prevention, which keeps the processor from running code out of data pages, Vista was supposed to be the most secure operating system around. We all know that isn't quite true; Vista is software like anything else, but only a few major flaws in these protections had been found... until now. This one's a doozy.
Mark Dowd of IBM's Internet Security Systems and Alexander Sotirov of VMware have found a way to largely neutralize Vista's memory protections. They have found methods to place attacker-controlled data at chosen, predictable addresses in the browser's memory, with whatever page permissions they want (including executable), and then run it, which sidesteps what ASLR and DEP are meant to prevent. This, like most attacks these days, is found at the application layer and deals with how Internet Explorer handles active content. Few details have been released at this point, but the methods are said to be simple and reusable.
Dowd and Sotirov were able to load data wherever they wanted in the process and with whatever permissions they specified via Java applets and ActiveX and .NET objects. The ramifications of this find are predicted to change the way technologists think about computer and network security. Evidently this is not limited to Internet Explorer but affects other browsers as well (possibly IE derivatives like Maxthon; not sure about Firefox/Opera). Security and IT personnel should keep their eyes on this story; I have a feeling it will have a long-lasting impact on IT policy.
2600 Magazine is the oldest surviving hacker magazine and has spawned local chapters all over the US. These chapters hold monthly meetings, and some of them even put on conferences. The Nashville chapter is one of these: every year the 615 chapter holds the Phreaknic conference in Nashville, and the time is nearing for the 2008 conference. Things are still being set up and not much has been announced. If you would like to speak at the conference, check out the Call for Papers page and submit your work for review.
The con will be October 24th and 25th at the Days Inn Stadium in Nashville. Over 120 rooms have been reserved for the conference and a special rate has been negotiated for Phreaknic attendees: $65 for a room for up to 4 adults. The presentations will be broadcast over the hotel's CCTV system, so if you're not able to get to the speaking floor for some reason (hangover), you can just lie in your room and watch.
Not only will there be speakers with interesting views on security, there are also some pretty cool contests and games. Wifirace is a foxhunt with a mobile wifi target somewhere around Nashville that you must track down and compromise before your opponents do. Oh, and don't forget the G33k Shoot crew, who will be bringing their arsenal of weaponry.
So if you're looking for a bitchin' con to go to in the Southeastern US, come on down to Nashville, Tennessee at the end of October. This conference should be a blast, and as an added bonus, you can meet me!
One of the most famous hackers of all time, Kevin Mitnick, tells the story of how he and a friend got out of trouble when they were caught sneaking around a phone company central office. It's a great story that lets you in on the personality and demeanor you must keep up when doing social engineering.
You've seen the fancy, expensive drives that feature built-in encryption, e.g. IronKey, but what if you don't want to spend exorbitant amounts of money to have some encrypted space on your drive? TrueCrypt is the answer. TrueCrypt lets you encrypt a whole volume or a container file within one, and choose from several encryption options.
The flexibility is really nice: you can choose from several ciphers (AES, Serpent and Twofish) or cascades that chain two or three of them. You can encrypt the whole drive or a container file within the drive, or even create a hidden volume: a second encrypted volume, with its own password, that lives in the free space of an outer volume and is indistinguishable from that free space unless you know the password. The GUI is intuitive and simple to use and lets you manage many volumes at once.
This would be an excellent solution for people who carry sensitive data for work but don't want to shell out big bucks for specialized drives. The one thing to think about is that if you intend to use TrueCrypt to encrypt your entire drive, you'll need TrueCrypt on any computer where you may need to access that data (or on another thumbdrive you carry with you). If you're using the Windows version you can run Traveler Disk Setup from the Tools menu, which copies TrueCrypt to the root of the thumbdrive so you can open the encrypted container file from any Windows computer without installing TC on that PC (you still need administrator rights on that PC, since the driver has to be loaded). Unfortunately, this isn't available in the Linux version.
TrueCrypt is an excellent solution for encrypting sensitive data. It works on Windows, Linux and OS X, so you can access your data anywhere, and its ciphers include AES, which the US government has approved for protecting information classified Top Secret (with 256-bit keys, in approved implementations). By the way, the Corsair Flash Voyager USB drive comes with TrueCrypt ready for you to encrypt your data. Not sure if any other drives come with TC, but there are a variety of drives that come with other solutions. If you have any preferences, let us know!
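Since the hidden-volume idea takes a moment to click, here is a toy model I wrote for this post. It is not TrueCrypt's code, on-disk format or cipher (TrueCrypt uses XTS-mode AES/Serpent/Twofish and its own header layout); the header slots, offsets and sizes are my own invention, and the "cipher" is a PBKDF2-derived key driving an HMAC-SHA256 keystream, which is fine for showing the layout but is not something to protect real data with. What it does show is why the hidden volume is deniable (every slot looks like random bytes until a password opens it) and the classic footgun: the outer volume thinks the hidden volume's space is free, so a careless write there destroys it.

```python
"""Toy model of an encrypted container with an outer and a hidden volume.

Added illustration of the layout idea only. NOT TrueCrypt's format, headers or
ciphers; offsets, sizes and the keystream construction are made up for the demo.
"""
import hashlib
import hmac
import os

HEADER = 64            # bytes per header slot: 16 salt + 40 ciphertext + 8 tag
HIDDEN_HDR_OFF = 128   # second slot; stays random filler if there is no hidden volume
DATA_OFF = 256         # start of the outer volume's data area
KDF_ITERS = 10_000     # low for demo speed; real tools use far more


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS, 32)


def _xor_at(key, start, data):
    """Position-based keystream: byte p is XORed with byte p % 32 of
    HMAC(key, p // 32), so reads and writes of any range agree."""
    out = bytearray(len(data))
    block, block_no = b"", -1
    for i, b in enumerate(data):
        p = start + i
        if p // 32 != block_no:
            block_no = p // 32
            block = hmac.new(key, block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        out[i] = b ^ block[p % 32]
    return bytes(out)


def _make_header(password, data_off, data_len, vol_key):
    salt = os.urandom(16)
    hkey = _kdf(password, salt)
    plain = data_off.to_bytes(4, "big") + data_len.to_bytes(4, "big") + vol_key
    ct = _xor_at(hkey, 0, plain)
    tag = hmac.new(hkey, ct, hashlib.sha256).digest()[:8]
    return salt + ct + tag      # salt, ciphertext and tag all look uniformly random


def _open_header(blob, password):
    blob = bytes(blob)
    salt, ct, tag = blob[:16], blob[16:56], blob[56:64]
    hkey = _kdf(password, salt)
    if not hmac.compare_digest(hmac.new(hkey, ct, hashlib.sha256).digest()[:8], tag):
        return None             # wrong password, or this slot is only filler
    plain = _xor_at(hkey, 0, ct)
    return int.from_bytes(plain[:4], "big"), int.from_bytes(plain[4:8], "big"), plain[8:]


class Container:
    def __init__(self, size, outer_pw, hidden_pw=None, hidden_size=0):
        self.buf = bytearray(os.urandom(size))   # unused space is random from the start
        # The outer volume spans everything after DATA_OFF, hidden space included.
        self.buf[0:HEADER] = _make_header(outer_pw, DATA_OFF, size - DATA_OFF, os.urandom(32))
        if hidden_pw is not None:
            hidden_off = size - hidden_size      # tail of the outer volume's "free space"
            self.buf[HIDDEN_HDR_OFF:HIDDEN_HDR_OFF + HEADER] = _make_header(
                hidden_pw, hidden_off, hidden_size, os.urandom(32))

    def mount(self, password):
        """Try the password on both slots; returns (kind, off, len, key) or None.
        Without a password that opens a slot, a hidden header and filler look alike."""
        for kind, off in (("outer", 0), ("hidden", HIDDEN_HDR_OFF)):
            hdr = _open_header(self.buf[off:off + HEADER], password)
            if hdr is not None:
                return (kind,) + hdr
        return None

    def _vol(self, password):
        m = self.mount(password)
        if m is None:
            raise PermissionError("no volume opens with that password")
        return m

    def write(self, password, offset, data):
        _, off, length, key = self._vol(password)
        if offset + len(data) > length:
            raise ValueError("write past end of volume")
        self.buf[off + offset:off + offset + len(data)] = _xor_at(key, offset, data)

    def read(self, password, offset, n):
        _, off, _, key = self._vol(password)
        return _xor_at(key, offset, bytes(self.buf[off + offset:off + offset + n]))


def demo():
    """Returns (hidden_before, hidden_after): ordinary outer-volume use leaves the
    hidden data alone, but a write into the tail of the outer volume wrecks it."""
    c = Container(4096, "outer-pw", "hidden-pw", hidden_size=1024)
    c.write("hidden-pw", 0, b"deniable")
    c.write("outer-pw", 0, b"cover story")                # front of the outer volume: harmless
    before = c.read("hidden-pw", 0, 8)
    c.write("outer-pw", 4096 - 1024 - DATA_OFF, b"oops")  # lands on the hidden volume's first bytes
    after = c.read("hidden-pw", 0, 8)
    return before, after
```

The hidden header still opens after the clobbering write (it sits in its own slot), but the data under it is gone, which is exactly why TrueCrypt asks for the hidden volume's password when you mount the outer one in "protect hidden volume" mode: it cannot otherwise know which free space isn't free.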
There is a whole realm of hacking that doesn't necessarily have to do with computers. Hacking is the art of learning how things work and putting them to use in new and interesting ways. I've found a website that specializes in this form of hacking: Kipkay Videos features some very interesting pieces on how to modify everyday items to make them work for you in ways you may not have thought of before.
You can find videos on everything from making your own illuminated keyboard to improving your gas mileage, or even using your phone line to power a lamp during a power outage! Pretty much anyone can take advantage of this kind of information. Hacking of this nature can be done by anyone, anywhere, without the intense technical knowledge computer hackers need.
There are lots and lots of places to find information like this. One of my favorites is Instructables.com. On Instructables you'll find so many projects your head will swim with ideas. Not only does it give you a great number of things to try, it can also ignite your personal inventiveness and inspire you to create your own projects. This form of hacking is very rewarding and readily available to anyone. You can hack anything, anytime, anywhere, as long as you've got a vision of doing so. If you can think of a cool hack, do it and tell us about it. Post some information about it so we can do it too!
The latest issue of the free PDF security magazine (IN)Secure Magazine has been released. (IN)Secure is an absolute must-read for anyone interested in security, as it contains tons of great information and insight that you don't find anywhere else.
Here is what you can find in this latest issue:
- Security standpoint by Sandro Gauci: when best intentions go wrong
- Review: Red Condor Hosted Service
- Reverse engineering software armoring (part 1)
- Security training and awareness: strengthening your weakest link
- Hacking Second Life
- Building a secure wireless network for under $300
- Assessing risk in VoIP/UC networks
- Open redirect vulnerabilities: definition and prevention
- Migration from e-mail to web borne threats
- Bypassing and enhancing live behavioral protection
- Point security solutions are not a 4 letter word
- The future of security is information-centric
- Corporate due diligence in India: an ICT perspective
- E-mail encryption service: a smart choice for SMBs
- Securing the enterprise data flow against advanced attacks
- How to prevent identity theft
- Security flaws identification and technical risk analysis through threat modeling
The venerable password auditing app Cain & Abel has released its latest version with some additional features. As most security professionals know, C&A is an indispensable tool when it comes to auditing network authentication, and now it has even more features.
At first glance it doesn't look like much has been added. That's understandable since it does so much already, but if you look a little deeper you'll find that the additions matter for auditing modern networks. Some of the new features from the changelog are:
- Added Oracle TNS Password Cracker (Dictionary and Brute-Force Attacks for DES and 3DES hashes).
- Added Oracle TNS sniffer filter for DES and 3DES authentications.
- Fixed a bug in VNC sniffer filter for new RFB protocol versions.
- Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 10022.
- Fixed a bug in RSA SecurID Calculator for keyfobs with serial numbers of more than 8 digits.
- Fixed a bug in Dictionary Attack crackers regarding mixed Hybrid and Case Permutations variants.
- Fixed a bug in challenge spoofing and NTLM downgrading when one of the victim hosts is a gateway.
- OpenSSL library upgrade to version 0.9.8h.