Friday, February 28, 2003

Manipulating Online Gaming Servers

Auriemma Luigi wrote an advisory warning how online gaming servers can be manipulated to cause a sort of amplification denial of service attack. We've seen similar issues with DNS in 2000. UDP in general is susceptible to these sorts of attacks because no connection is required.

Wednesday, February 26, 2003

Quiet X on Port 6000 TCP

Page 260 of the second edition of Hacking Linux Exposed gives a simple trick to prevent X from listening on port 6000. If you run the X Window System using 'startx' from the command prompt, and have nothing but sshd listening, you'll find port 6000 listening once X starts:



netstat -natup

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN


Instead launch the X server using 'startx -- -nolisten tcp'. Here's the netstat output now:



Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN


Better yet, add the following to your .bash_profile to automate this process:


alias startx='startx -- -nolisten tcp'
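
To confirm the change took effect, the following added example (not from the original post or the book) scans netstat output for TCP listeners in the X11 display range. It assumes display :N listens on TCP 6000+N and checks 6000-6063; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners in the X11 display range.
# Assumption: display :N listens on TCP 6000+N; 6000-6063 is checked here.

# Reads `netstat -nat`-style lines on stdin, prints each offending local address.
x11_tcp_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4 ("0.0.0.0:6000" on Linux, "*.6000" on BSD);
            # the port is whatever follows the last ":" or ".".
            n = split($4, parts, /[:.]/)
            port = parts[n] + 0
            if (port >= 6000 && port <= 6063) print $4
        }'
}

# Exit status 0 when X is quiet on TCP, 1 when a listener was found.
check_x11_quiet() {
    found=$(x11_tcp_listeners)
    [ -z "$found" ] && return 0
    echo "X11 TCP listener(s): $found" >&2
    return 1
}

# Constructed samples, modelled on the two netstat outputs in the post.
sample_startx_default() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
EOF
}
sample_startx_nolisten() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
EOF
}

# On a live host: netstat -nat | check_x11_quiet
```

The alias only covers interactive 'startx' from that shell profile, so running the check after X starts catches sessions launched some other way.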

Links from SANS Webcast

Here are the links Alan Paller mentioned in today's SANS webcast:


All IA newsletters


Issue of interest on CIS

Undocumented Features in VMWare

I found an article on using undocumented features in VMWare. Essentially the author wrote tools to interact with the VM software itself from within a virtual machine. One of the tools was ported to Linux and it works.


Monday, February 24, 2003

How Addamark Technologies Detected an Intrusion

I found an article on how Addamark Technologies detected an intrusion. Some of the details sound odd but the article is worth reading anyway. From the article:


"On Jan. 20, the security engineers at Addamark Technologies Inc. noticed the problem immediately: Someone had accessed a confidential, password-protected document on the company's Web server that contained technical product details.


After studying the traffic logs more carefully, San Francisco-based Addamark officials discovered it was no random hack. The intrusion had come from a competitor, ArcSight Inc.


Two seconds after successfully accessing the file, the user attempted to bookmark the page, which is not a link from any of Addamark's public Web pages."


How does Addamark know that a Web visitor tried to bookmark a page? Did the visitor click on a "bookmark this" link on the web site? Odd.

Run KDE on Windows

I found an article on running KDE on Windows using cygwin. I got KDE to start but couldn't launch any applications due to a "DCOP error". To get KDE to work I had to make the following adjustments, some of which were listed in the article:


Within the cygwin bash prompt, I modified my PATH variable:


export PATH=$PATH:/opt/kde2/bin/:/usr/local/lib/qt2/bin:/usr/X11R6/bin:/bin:/usr/local/kde1/bin:/usr/local/bin:/opt/kde2/lib


I also made a .kde2 directory in the home directory of the user who started KDE, and I copied cygwin1.dll and cygz.dll from c:\cygwin\bin to c:\windows\system32.

Help Net Security Interviewed Judy Novak

Help Net Security interviewed Judy Novak of SANS fame. From the article:


I'm currently a senior security analyst for a consulting firm - Jacob and Sundstrom, but I'll be changing jobs in about a month to become a research engineer for Sourcefire.


Good luck Judy!

Sunday, February 23, 2003

Internet Security Scanner Started as a Shell Script

Did you know that the first version of Internet Security Scanner was a shell script? I found it in this 28 Sep 93 post by Christopher Klaus while researching the history of vulnerability scanners. From the post:

To sum it up, ISS will scan a domain grabbing essential information for
administrators to easily sort through and give them a chance to secure the
open machines on their network.

---
#! /bin/sh
# This is a shell archive. Remove anything before this line, then feed it
# into a shell via "sh file" or similar. To overwrite existing files,
# type "sh file -c".
# Contents: iss iss/Bugs iss/Makefile iss/iss.1 iss/iss.c
# iss/readme.iss iss/telnet.h iss/todo
# Wrapped by kent@sparky on Tue Sep 28 21:20:25 1993

Saturday, February 22, 2003

Pluf Simple Hostname Scanner

While reading the second edition of Hacking Linux Exposed, I learned of a simple yet useful tool called Pluf Simple Hostname Scanner, or plushs. I downloaded version 1.2 and installed it without problems on FreeBSD 5.0 REL. You can use plushs to rapidly find PTR records for specified IP ranges. This example returns all PTR records from IPs in the 195.5.3.0/24 block.

hawke# plushs 195.5.3.0-255

[a] 195-0
[b] 5-0
[c] 3-0
195.5.3.1 ==> dns1.sf.ukrtel.net
195.5.3.5 ==> dev.sf.ukrtel.net
195.5.3.7 ==> kep.sf.ukrtel.net
195.5.3.9 ==> cit.sf.ukrtel.net
195.5.3.10 ==> oplot.sf.ukrtel.net
195.5.3.13 ==> mailer.sf.ukrtel.net
195.5.3.65 ==> router.ylt.sf.ukrtel.net
195.5.3.66 ==> ns.ylt.sf.ukrtel.net
195.5.3.67 ==> name67.ylt.sf.ukrtel.net
...edited for brevity...
195.5.3.187 ==> westcrimea.net
195.5.3.190 ==> evpatoria.com.ua
195.5.3.201 ==> kmk.oaokmk.com

========| Network Statistics |====================

Ip range to scan 195.5.3.0-255

Successfull: [ 34.0%]
Unsuccessfull: [ 66.0%]
Timeouts: [ 0.0%]

=-----------------------------------------------=

Total ips to check: 256
Successfull checks: 87
Unsuccessfull checks: 169
Timeouts: 0
Aliases found: 0
Successfull searchs: 0

=-----------------------------------------------=

String format:
Timeout set to: 9 seconds
Wait second set to: 0 seconds

I was also introduced to dnstrace and dnstracesort, part of the djbdns package.

Foundstone Incident Response in the News

Foundstone's CEO made the cover of business lifestyle magazine OCMetro. The article even mentions our forensic and incident response services:


"Foundstone also provides litigation and forensic services to help convict hackers they have caught, as well as penetration testing services."

Thursday, February 20, 2003

Wednesday, February 19, 2003

Review of Web Services Security Posted

Amazon.com just posted my four-star review of Web Services Security. From the review:


Before reading "Web Services Security" (WSS), my knowledge of Web Services relied on a few magazine articles and chapter 10 of "Hacking Exposed: Web Applications." After reading WSS, I have a better idea of how Web Services work and how a variety of acronyms (XACML, XKMS, SAML, etc.) provide security. This 312 page book isn't lengthy enough to make you a Web Services security expert, but it provides a good foundation for consultants and other professionals.


The latest SANS NewsBites mentioned a story where TriWest Healthcare is being sued for losing customer data to an intruder.

TaoSecurity ISP OK

It looks like my ISP found taosecurity.com's files. Situation normal.

TaoSecurity.com ISP Woes

I just learned the ISP which hosts taosecurity.com can't seem to find my files...great. I am redirecting taosecurity.com here until I deploy a backup, or until the ISP gets its act together. Due to DNS changes it may be a while before taosecurity.com appears here.

Tuesday, February 18, 2003

Sguil User Six

According to my friend Bamm Visscher, I just became user number six of Sguil, an interface for the Snort intrusion detection engine. It's in early alpha stages but it smokes everything else available. It's built BY an analyst FOR an analyst. I spent a chunk of the weekend writing this 4 MB installation guide pdf for it. The 13 MB sguil_complete_17_feb_03.tar archive I mention in the installation guide can be downloaded here, for now. There is also a Sourceforge site. Enjoy!

Saturday, February 15, 2003

Bruce Schneier on Full Disclosure and Locksmiths

Bruce Schneier's latest Cryptogram offers an interesting commentary on full disclosure and locksmithing. From the article:


"...public scrutiny is the only reliable way to improve security. There are several master key designs that are immune to the 100-year-old attack that Blaze rediscovered. They're not common in the marketplace primarily because customers don't understand the risks, and because locksmiths continue to knowingly sell a flawed security system rather than admit and then fix the problem. This is no different from the computer world. Before software vulnerabilities were routinely published, vendors would not bother spending the time and money to fix vulnerabilities, believing in the security of secrecy. And since customers didn't know any better, they bought these systems believing them to be secure. If we return to a world of bug secrecy in computers, we'll have the equivalent of 100-year-old vulnerabilities known by a few in the security community and by the hacker underground."

Wednesday, February 12, 2003

Marcus Ranum on Firewalls

Marcus Ranum, one of the smartest security visionaries around, made an interesting post on 31 Dec 02 to the Focus-IDS list. He's right, as usual, about several issues. I especially applaud his proxy firewall ideas:


"About a million years ago I was designing and coding firewalls. I wrote pure proxy firewalls. OK, actually, I _invented_ pure proxy firewalls. You know what? I still think that, for security, it's The Way To Do It and everything else sucks. But the industry appears to disagree. That's OK, it's customer choice. But if I was reviewing product firewalls, guess which ones I'd say sucked and which didn't? If I developed a firewall testing methodology, NONE of the packet screens would have cut it. And people would have been able to accuse me of trying to promote my own product because my _beliefs_ and my _implementation_ were inseparable."

JTF-CNO Splits

This article discusses splitting the Joint Task Force - Computer Network Operations (JTF-CNO) into two separate units -- one for attack and one for defense. I remember when the JTF-CND was created, and then became the JTF-CNO. I didn't know that STRATCOM and SPACECOM had merged as of last October, though! From the article:


No full-scale cyberattack on the United States from a known enemy has been documented, and that also complicates the issue because DOD would not want to attack a nation-state's computer operations based on the actions of a few skilled hackers, Campen said. He added that it is not clear whether a cyberattack would be anything more than a nuisance to U.S. enemies unless it was done in conjunction with more traditional acts of war.

Review of Absolute BSD Posted

Amazon.com just posted my five star review of Absolute BSD. From the review:


This is the sort of book I've been waiting for, since reading Annelise Anderson's "FreeBSD" almost one year ago. Michael Lucas is well-known for his articles, and his knowledge and easy conversational style shine in "Absolute BSD." Of the four books I've read with "FreeBSD" in the title, this has been the most helpful -- but not necessarily the most comprehensive.

Tuesday, February 11, 2003

Rik Farrow on Firewalls

Rik Farrow wrote another interesting column for Network Magazine. It's A Farewell to Firewalls? and talks about the security implications of web services. From the article:


SOAP leaves some things unchanged. Your firewall will permit access to public Web servers that provide Web services and block access to internal servers. And internal clients will still be permitted to visit Web servers and read e-mail. But the paradigm changes here, as the emphasis changes from execution of remote methods on remote servers to include the execution of remote code on local clients. Execution of remote code on IE is already well known as a successful attack vector. Will the security features of .NET or Java mitigate this threat?

Friday, February 07, 2003

Cyber Warfare in Iraq

The Washington Post offers an interesting article about the U.S. government's preparations for "cyber warfare" in Iraq. From the article:


The full extent of the U.S. cyber-arsenal is among the most tightly held national security secrets, even more guarded than nuclear capabilities. Because of secrecy concerns, many of the programs remain known only to strictly compartmented groups, a situation that in the past has inhibited the drafting of general policy and specific rules of engagement.


Gregory Rattray wrote Strategic Warfare in Cyberspace, which is the definitive work on the subject. I reviewed it in Jun 02.


Tomorrow is my "Internet birthday." 8 Feb 94 is the first publicly available evidence that I had access to the Internet. It's manifested in this USENET post.

Wednesday, February 05, 2003

FreeBSD Serial Console Access

I enabled serial console access on one of my FreeBSD 5.0 RELEASE boxes. First I checked to see the serial ports available:

#dmesg | grep sio
usb0: USB revision 1.0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A

I checked to see what devices I had:

#ls -al /dev/cua*
crw------- 1 root wheel 28, 128 Feb 3 22:07 /dev/cuaa0
crw-rw---- 1 uucp dialer 28, 129 Feb 3 21:50 /dev/cuaa1
crw-rw---- 1 uucp dialer 28, 160 Feb 3 21:50 /dev/cuaia0
crw-rw---- 1 uucp dialer 28, 161 Feb 3 21:50 /dev/cuaia1
crw-rw---- 1 uucp dialer 28, 192 Feb 3 21:50 /dev/cuala0
crw-rw---- 1 uucp dialer 28, 193 Feb 3 21:50 /dev/cuala1


Then I added the following line to /etc/ttys:



cuaa0 "/usr/libexec/getty std.38400" vt100 on secure

Then I restarted init via 'kill -HUP 1' and checked to see what had changed:



#ps -auxww | grep cua
root 493 0.0 0.3 1184 864 a0 Is+ Mon10PM 0:00.01 /usr/libexec/getty std.38400 cuaa0

Now I can use Windows HyperTerminal or a similar program to access my FreeBSD box using a serial cable and null modem.
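
The /etc/ttys line above is marked 'on secure', and per ttys(5) the 'secure' flag permits root to log in directly on that line, so anyone with physical access to the serial port gets a root-capable login prompt. The following added example (not from the original post) lists every enabled terminal in a ttys-style file and whether it is root-capable; the function names and the sample file are constructed, with only the cuaa0 line taken from the post.

```shell
#!/bin/sh
# Added example: list terminals that an /etc/ttys-style file enables, and
# whether the "secure" flag lets root log in there directly.
ttys_enabled() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }             # skip comments, blank lines
        {
            name = $1
            rest = $0
            sub(/#.*/, "", rest)                   # drop a trailing comment
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)  # drop the terminal name
            if (rest ~ /^"/) sub(/^"[^"]*"[ \t]*/, "", rest)  # quoted command
            else             sub(/^[^ \t]+[ \t]*/, "", rest)  # bare command
            n = split(rest, f, /[ \t]+/)           # f[1] = type, then flags
            on = 0; secure = 0
            for (i = 2; i <= n; i++) {
                if (f[i] == "on") on = 1
                if (f[i] == "secure") secure = 1
            }
            if (on) print name, (secure ? "root-login-allowed" : "root-login-denied")
        }' "$@"
}

# Constructed sample file; only the cuaa0 entry comes from the post.
sample_ttys() {
    cat <<'EOF'
# name  getty                           type    status
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off secure
ttyd1   "/usr/libexec/getty std.9600"   vt100   on  insecure
cuaa0 "/usr/libexec/getty std.38400" vt100 on secure
ttyp0   none                            network
EOF
}

# On a live host: ttys_enabled /etc/ttys
```

Changing 'secure' to 'insecure' on the serial line forces a normal user login followed by su, which is the usual choice when the console port is not physically protected.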