November 8, 2009

Inside Security News
insecnews
is about »
» iPhone: myPhone on lock-down

...and you thought you were the only person to have the privilege of locking your iPhone's screen. Think again. Once again a stunt and proof of concept demonstrates that high-tech mobile devices can be manipulated and possibly locked down by malicious people, leaving the users at their mercy; in some cases they may even try to get you to part with your money. This was demonstrated by the 'Your iPhone's been hacked' stunt, as reported [1] by Wired.

It appears that jailbroken iPhones run SSH with a default root password (if the owner has not changed it), allowing full remote access to the phone. It is that easy. The users are lucky that the creator didn't start locking the devices, as we have seen with ransomware (malware that demands a ransom to decrypt data or unlock a PC).

I would not be surprised if Apple tried to use this problem to demonstrate to people that jailbreaking the iPhone means taking avoidable risks and giving up the full protection the platform offers.

[1] Wired - Hacker holds Dutch iPhones for €5 ransom - http://www.wired.co.uk/news/archive/2009-11/04/hacker-holds-dutch-iphones-for-€5-ransom.aspx

August 18, 2009

» Book Review: Grey Hat Python

This is my first "short" book review, but it is more of a book recommendation really. I am a member of safaribooksonline.com, which gives 'Safari Library' subscribers full access to all of their books. It is a researcher's paradise: all these books freely and legally available to scroll through.

As I was sifting through some books I came across 'Grey Hat Python' (details below). I am a fan of the Python programming/scripting language. It is so powerful and easy that the majority of Bachelor's and Master's students can pick it up and develop prototypes and proofs of concept with it. The hacking community has also picked up on this (see Google Code and many others out there), and many projects/add-on modules have been developed to expand Python's capabilities.

From skimming through this book I see that it has some really nice examples of debugging, hooking, DLL and code injection, fuzzing (software testing) and fuzzing techniques, and it demonstrates how to work with IDAPython and PyEmu.

Overall a good hands-on book, and we await more like it to cover more topics, as this one has only scratched the surface.

Book Details:
Grey Hat Python
Publisher: No Starch Press
Pub Date: April 20, 2009
Print ISBN-13: 978-1-593-27192-3
Pages: 216
http://my.safaribooksonline.com/9781593271923

November 24, 2008

» When viruses will rule the world...virtual world

The day after three London hospitals [1] were hit by a virus (Mytob [7]) and had to halt their entire computer systems for 24 hours, Microsoft announced [2] that from next year it will offer its antivirus suite (the all-in-one security and PC management service Live OneCare) for free under the name Morro. Initial criticism [4] and analysis [5] of Microsoft's move has made its rounds on the Internet, with some agreeing and some disagreeing. In the end the results will show.

Trusted security packages should be commonly found on personal and corporate computers. Learning [6] that roughly 30 million Windows PCs were/are infected with fake antivirus software (e.g., Antivirus Pro 2009) that tricks customers into paying for a service, and for a situation the malware created in the first place, is a joke. If we then feed into the equation the reports that 'UK identities sold for £80 online' [3], and take into consideration the many problems companies and governments are having with securing our information, we can conclude that we should be extremely cautious with our PCs and our information.

I think viruses at some point in time will rule the world. Even if only for a few seconds, they will provide their master with complete access to whatever his or her heart desires. How this power will be exercised no one knows, yet we all dread it. Yes, I have thought of the diversity in operating systems that makes this case nearly implausible, yet I have a compelling feeling that we are getting close to online-world virus domination.

Links Used:
[1] BBC News, Computer virus affects hospitals - http://news.bbc.co.uk/1/hi/england/london/7735502.stm
[2] BBC News, Microsoft to offer free security - http://news.bbc.co.uk/1/hi/technology/7737520.stm
[3] BBC News, UK identities sold for £80 online - http://news.bbc.co.uk/1/hi/uk/7732569.stm
[4] Ars Technica, Symantec and Kaspersky on OneCare's death: good riddance - http://arstechnica.com/journals/microsoft.ars/2008/11/20/symantec-and-kaspersky-on-onecares-death-good-riddance
[5] SecurityFocus, Microsoft hopes free security means less malware - http://www.securityfocus.com/news/11538?ref=rss
[6] The Register, Scammers making '$15m a month' on fake antivirus - http://www.theregister.co.uk/2008/10/16/fake_av_scam/
[7] ComputerWeekly, Mytob virus spreads in hospitals - http://www.computerweekly.com/Articles/2008/11/20/233497/mytob-virus-spreads-in-hospitals.htm

September 15, 2008

» Gargoyle Investigator Forensic Pro - Evaluation

I have just checked out an evaluation version of 'Gargoyle Investigator Forensic Pro Edition' by WetStone Technologies [1,2].

What does it do?
The product has several databases of hashes (like the Known File Filter (KFF), but for malicious software) of well-known malicious software and the files associated with it. Depending on how many of those files it finds, and their risk factor, it increases its confidence rating that the set of files making up the program exists on the system. This causes a number of problems, because some programs share DLLs and some are only semi-legitimate (e.g., the UPX packer), so the investigator is presented with a few false positives. This is to be expected from such a product and people should not complain; the developers, on the other hand, could help with a bit of innovation by providing a filtering option. Nonetheless, with the current layout the investigator has to know and go through each false positive to reach any good examples and conclusions.
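As an added example (not WetStone's or the product's code), here is a toy Python version of the confidence-rating idea together with the filtering the review asks for: hashes that belong to more than one toolkit (shared DLLs, packer stubs) are down-weighted so they cannot create a false positive on their own. Every file, toolkit name, hash and risk weight below is constructed.

```python
# Added example, not WetStone's code: toy hash-set scoring of malware toolkits
# with shared hashes down-weighted; all names, bytes and weights are constructed.
import hashlib
from collections import defaultdict
def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for a scanned filesystem: path -> file bytes.
FILES = {
    "C:/tools/keylog.exe": b"constructed keylogger body",
    "C:/tools/kl_hook.dll": b"constructed hook dll",
    "C:/tools/upx.exe": b"constructed upx packer stub",
    "C:/Windows/notepad.exe": b"constructed benign binary",
}
# Constructed toolkit database: toolkit -> {component hash: risk weight 1..5}.
TOOLKITS = {
    "ExampleKeylogger": {
        sha256(b"constructed keylogger body"): 5,
        sha256(b"constructed hook dll"): 3,
        sha256(b"constructed upx packer stub"): 1,
    },
    "ExampleRAT": {
        sha256(b"constructed rat server"): 5,
        sha256(b"constructed upx packer stub"): 1,
    },
}

def shared_hashes(toolkits):
    """Hashes listed under more than one toolkit (shared DLLs, packer stubs)."""
    count = defaultdict(int)
    for components in toolkits.values():
        for h in components:
            count[h] += 1
    return {h for h, n in count.items() if n > 1}

def score(files, toolkits, shared_penalty=0.25):
    """Return {toolkit: (confidence 0..1, matched paths)}; confidence is the
    risk-weighted share of components found, shared hashes scaled by penalty."""
    present = {sha256(b): p for p, b in files.items()}   # hash -> path
    shared = shared_hashes(toolkits)
    results = {}
    for name, components in toolkits.items():
        total = found = 0.0
        hits = []
        for h, w in components.items():
            eff = w * (shared_penalty if h in shared else 1.0)
            total += eff
            if h in present:
                found += eff
                hits.append(present[h])
        results[name] = (round(found / total, 2), sorted(hits))
    return results
```

Running `score(FILES, TOOLKITS)` rates the keylogger at 1.0 and the RAT at 0.05, whereas with `shared_penalty=1.0` (no filtering) the lone UPX stub alone pushes the RAT to 0.17.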

Conclusion
I think this program should only be used in conjunction with the other forensic tool sets and antivirus products an investigator is using. If the investigator wants to find out which tool set or set of malicious software has been installed on the scanned machine, then they should use it.

I will not go into any more detail about the product, as the basics can be found on the Internet and on WetStone's website [2].

Links Used:

[1] WetStone Technologies, Inc. - Gargoyle Investigator Forensic Pro Edition: https://www.wetstonetech.com/cgi/shop.cgi?view,2
[2] WetStone Technologies, Inc. - http://www.wetstonetech.com/

December 5, 2007

» There are malicious websites in my soup(ed) up results.

As reported [1], the security companies Sunbelt Software and Trend Micro have singled out web pages with malicious content (in most cases targeting MS Internet Explorer vulnerabilities) that were trying to raise their ranking on most of the search engines. Google has made efforts to remove the sites, yet sponsored links can sometimes be misleading. The MSN search engine has a history of serving websites with malicious content; be aware!

Yes, that innocent-looking site that you use to find a lost, unknown, recommended, much-needed, etc. website is being taken advantage of in order to assist the spread of malicious content. This content is then used to extract much-needed information from the users surfing, and finally to help organised crime defraud people and banks of money.

This is the globalized world we live in, where everyone and everything is connected to the Internet, and whether we like it or not we have to start becoming more aware of the security implications of using online software to conduct and manage private/sensitive personal information.

One must be sure not to get too anxious about using these technologies, or they may end up with security anxiety [2], and no one wants that!

Links Used:

[1] 'Hackers hijack web search results', Mark Ward (BBC) - http://news.bbc.co.uk/1/hi/technology/7118452.stm
[2] 'Gartner: Web security fears cause $2 billion online commerce loss in 2006', Ericka Chickowski (SC Magazine) - http://www.scmagazine.com/uk/news/article/606686/gartner-web-security-fears-cause-2-billion-online-commerce-loss-2006/

November 13, 2007

» Would you like some malware with that purchase?

Yet another great report from The Register: Chinese Trojan on Maxtor HDDs spooks Taiwan - http://www.channelregister.co.uk/2007/11/12/maxtor_infected_hdd_updated/

Just when you thought that you could trust big companies (why do I hear laughing in the background?), sub-contracting once again demonstrates how it can cause problems.

This time it is about Maxtor hard drives that were pre-installed with a Trojan named AutoRun-AH, discovered by Kaspersky Labs.

Seagate (Maxtor's parent) has confirmed the findings: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw

Sub-contracting makes it very hard to ensure that no unwanted programs are placed in a product, and it makes tracking such changes very costly (and damaging to the company's reputation) for the manufacturing company.

November 8, 2007

» iDefense API logger (updated version)

While analysing some malware I was introduced to SysAnalyzer [http://labs.idefense.com/software/malcode.php]. SysAnalyzer comes with many programs, one of which was of immediate interest: the api_logger. This program can be run on its own and logs the basic API calls made by a program [http://labs.idefense.com/files/labs/releases/previews/SysAnalyzer/ApiLogger.html]. One of the problems, though, is that the items are displayed in list boxes and cannot be saved to a file.

I was very fortunate in that the application comes with its source code under a GNU GPL licence. So with some additions to the GUI and code I added a save-to-file function and tidied up the GUI layout a bit (e.g. 'resume logging' was illegible once clicked).

Original SysAnalyzer :
http://labs.idefense.com/software/malcode.php

Modified api_logger:

modified source (with binary) zip: http://www.comp.glam.ac.uk/staff/kxynos/api_log/injector.zip
modified api_logger binary (includes original api_log.dll): http://www.comp.glam.ac.uk/staff/kxynos/api_log/api_log.zip
spSubclass.dll (required reference DLL for the VB project): http://www.comp.glam.ac.uk/staff/kxynos/api_log/spSubclass.zip or spSubclass @ http://sandsprite.com/products.html

Static link to this information: http://www.comp.glam.ac.uk/staff/kxynos/api_log.html