Zebedee: Secure IP Tunnel
Topic: Technology
1:27 pm EDT, Sep 26, 2005
Zebedee is a simple program to establish an encrypted, compressed “tunnel” for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.
Excellent project. Very good case study into tunneling Layer 7 in Layers 3/4.

Phuture Of Phishing: Presentation and code
Topic: Technology
4:41 pm EDT, Sep 23, 2005
The Phuture of Phishing
by: Billy Hoffman
Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defenses such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.
SPI Dynamics is hosting my Toorcon presentation and is hosting my free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of my presentation from the memed website. I even quote Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded):
Tom Cross: This technology has no legitimate use.
SPI has been very supportive of my research, and I hope they continue to do so.

Google Maps: Missile Silos, B2 Bombers, and French Subs, Oh My!
Topic: Technology
2:06 pm EDT, Sep 20, 2005
The Register has some great pictures of various things around the world.
- A Russian Nuclear Missile Base
- French Sub base
- British Battleships
- Stealth Fighters
- B2 Bombers
- B1 Bombers
- A10 Warthogs

The strangest of fan letters...
Topic: Technology
1:14 pm EDT, Sep 19, 2005
This was in my SPI inbox this morning:

Hi Billy,
Would it be possible to get a copy of the XSS vuln scanner and the proxy tool for keyword detection? I enjoyed your talk.
Cheers,
Kevin Mitnick

Topic: Technology
3:52 am EDT, Sep 13, 2005
[acidus@reload dist]$ java -jar XSSScanner.jar http://zero.webappsecurity.com
-- Crawling...
--- Done (200 OK: 20 404 Not Found: 5)
Checking "http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess &templateName=prod_sel.forte&source=Freebank &AD_REFERRING_URL=http://www.Freebank.com"
Using tracer:XSSTracer7699183
checking param "serviceName"
checking param "templateName"
checking param "source"
checking param "AD_REFERRING_URL"
Checking "http://zero.webappsecurity.com/plink.asp?a=b&c=12"
Using tracer:XSSTracer17510567
checking param "a"
*** FOUND TRACER using param "a" in "http://zero.webappsecurity.com/plink.asp?a=XSSTracer17510567&c=12"
checking param "c"
*** FOUND TRACER using param "c" in "http://zero.webappsecurity.com/plink.asp?a=b&c=XSSTracer17510567"
Checking "http://zero.webappsecurity.com/banklogin.asp?err=Invalid+Login:"
Using tracer:XSSTracer27744459
checking param "err"
*** FOUND TRACER using param "err" in "http://zero.webappsecurity.com/banklogin.asp?err=XSSTracer27744459"
--- 3 XSS Holes found.
3 unflitered params found
1 vuln form found
--
[acidus@reload dist]$

Line Breaker Sneak Peek (JPG)
Topic: Technology
2:37 am EDT, Sep 12, 2005
Yes, it works.
Yes, the throughput is reasonable.
Yes, it runs on Windows, Linux, Mac, and BSD.
Yes, only a browser that understands proxies is needed.
Yes, your end users can't screw it up.
Yes, it's 1 of only 2 tools that stop XSS/Phishing attacks (NetCraft being the other).
Yes, it is more powerful than the NetCraft Toolbar.
Yes, I'm adding traditional Phishing defenses (blacklists, etc).
Yes, I have learned more about HTTP over the last week than I ever imagined!

Topic: Technology
4:49 am EDT, Sep 11, 2005
In a white lab coat, I mix the unlikely. It compiles, It runs. It protects against nasties. It's 4:53am. [Removes White coat, puts on Black hat] 6 more days to finish one hell of a presentation. [Continues typing]

Unpatched Firefox flaw may expose users
Topic: Technology
2:27 pm EDT, Sep 9, 2005
Mozilla, which coordinates development of Firefox and distributes the software, could not immediately comment on the flaw disclosure. However, a source close to the organization confirmed that Ferris had filed several bug reports, including this specific one. Since the debut of Firefox 1.0 in November, usage of the open-source browser has grown. Security has been a main selling point for Firefox over Microsoft's Internet Explorer, which has begun to see its market share dip slightly--for the first time in years.
[Sigh]... The stance people are starting to take is "See, FireFox is insecure too!" You better believe Microsoft is going to be pushing this idea. However, if you actually read the advisory, it becomes perfectly clear with 2 sentences why Firefox is and shall remain the superior browser:
The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead.
He discusses specific functions and variable names that are in the human readable format, because this vulnerability was found by examining source code. This is something you can never do with Microsoft code, and is why the Open Source Model can produce a more secure product than Closed Source.
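The size mismatch the quoted advisory describes, as an added example that is not from the original post or from Mozilla's source: a simplified C model that computes what the flawed accounting reserves versus what the copy step would write, beside a bounds-checked form. The names `normalize_host`, `flawed_sizes` and `build_host_checked` and the 256-byte scratch buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the normalization step (not Mozilla's code):
   reports success for an all-dash host but leaves the encoded host empty. */
static int normalize_host(const char *host, char *enc, size_t enc_cap) {
    if (host[0] != '\0' && strspn(host, "-") == strlen(host)) {
        enc[0] = '\0';                 /* "success", yet nothing encoded */
        return 1;
    }
    if (strlen(host) >= enc_cap) return 0;
    strcpy(enc, host);
    return 1;
}

typedef struct { size_t reserved; size_t written; } spec_sizes;

/* Models the flawed accounting without performing the write: the length
   estimate trusts the success flag, the copy step uses the original host. */
static spec_sizes flawed_sizes(const char *host) {
    char enc[256] = "";
    spec_sizes s;
    int ok = normalize_host(host, enc, sizeof enc);
    s.reserved = strlen(ok ? enc : host);
    s.written  = strlen(enc[0] != '\0' ? enc : host);
    return s;
}

/* Hardened form: pick the source once, measure that same string, and
   refuse if it does not fit. Returns bytes written, or -1. */
static long build_host_checked(const char *host, char *out, size_t out_cap) {
    char enc[256] = "";
    const char *src = host;
    if (normalize_host(host, enc, sizeof enc) && enc[0] != '\0')
        src = enc;
    size_t n = strlen(src);
    if (n >= out_cap) return -1;
    memcpy(out, src, n + 1);
    return (long)n;
}

int main(void) {
    char out[64], dashes[301];         /* constructed sample input */
    memset(dashes, '-', 300); dashes[300] = '\0';
    spec_sizes s = flawed_sizes(dashes);
    printf("reserved=%zu written=%zu checked=%ld\n",
           s.reserved, s.written, build_host_checked(dashes, out, sizeof out));
    return 0;
}
```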

Topic: Technology
9:41 pm EDT, Aug 31, 2005
Folks, I'm speaking at Toorcon and have a free ticket if anyone wants it. September 17th and 18th in sunny San Diego.

Topic: Technology
11:35 am EDT, Aug 26, 2005
Cisco's theory, then, was that by decompiling the source code to find the vulnerability, Lynn (and presumably his employer, ISS) violated the terms of the EULA - a contract. This contract violation then meant that the license to acquire or use the software was violated, and Lynn was using a copyrighted work (the software) without the consent of the copyright holder - thus a copyright violation - which gets Cisco into federal court rather than state court. When Lynn and Black Hat sought to publish the bits of source code in the presentation, they were alleged to be distributing the code in violation of the EULA and copyright law, and also violating Cisco's right to protect its trade secrets. Finally, Lynn was alleged to have violated the terms of his ISS non-disclosure agreement by disclosing information at the conference that he learned "in secret" from ISS under the NDA - presumably information that ISS obtained by unlawful reverse engineering!
The Register has a good piece on the legality of disassembling code and the reach of End User License Agreements (EULA). They cite Mike's case heavily. Very nice (even though they keep saying "decompiling the source code." If you have the source code, you wouldn't need to decompile it!).