Mar 26 2009

Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5k

Charlie Miller, a security researcher who hacked a Macintosh in two minutes last year at CanSecWest’s PWN2OWN contest, improved his time today by breaking into another Macintosh in under 10 seconds.

Miller, an analyst at Independent Security Evaluators in Baltimore, walked off with a $5,000 cash prize and the MacBook he hacked.

“I can’t talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched,” said Miller on Wednesday, not long after he had won the prize. “It probably took five or 10 seconds.” He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

Two weeks ago, Miller predicted that Safari running on the Macintosh would be the first to fall.

PWN2OWN’s sponsor, 3Com Corp.’s TippingPoint unit, paid Miller $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. “Apple has it, and they’re working on it,” added Miller.

Source: ComputerWorld

Mar 24 2009

HP SWFScan – Flash Vulnerability Scanner

HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.

How does SWFScan work and what vulnerabilities does it find?
* Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
* Identifies and reports insecure programming and deployment practices and suggests solutions.
* Enables you to audit third party applications without requiring access to the source code.

Which versions of Flash will HP SWFScan support?
All public versions of Flash as of this writing, that is, up to and including Flash 10. As long as the SWF uses ActionScript 2 or ActionScript 3, SWFScan should continue to work.

Can I load Flash applications from the Internet?
Yes. Specify the URL of the SWF file to be scanned and click ‘Get’.

Download: http://www.hp.com/go/swfscan

Mar 19 2009

Road signs hacked in NYC

Electronic road signs in downtown New York City were broken into over the weekend and instead of telling drivers to go slowly next to a Houston Street construction site, they flashed prankster messages such as “New York is dying,” according to a report from The New York Post.

The newspaper Tuesday reported that the electronic road signs — called variable message signs in the industry because they can be easily programmed by local traffic authorities to show illuminated instructions for what to do in bad weather or around construction — were tampered with in the lower Manhattan area over the weekend. According to the report, pranksters opened the backs of the signs and reprogrammed them using the control-box keypad.

Pranksters hit variable message signs used for traffic control in Collinsville, Ill., in February, changing them to read “Daily lane closures due to zombies.” In the same period, Carmel, Ind., had road signs altered to read “Raptors ahead—Caution!” And Austin, Texas, road signs also were struck by pranksters, who altered them to read “Nazi zombie! Run!”.

Source: Network World

Mar 17 2009

dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration.

Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. dnsmap was included in Backtrack 2 and 3, although the version included is the now dated version 0.1.

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work.

Original Features of Version 0.1
* obtain all IP addresses (A records) associated with each successfully bruteforced subdomain, rather than just one IP address per subdomain
* abort the bruteforcing process in case the target domain uses wildcards
* ability to run the tool without providing a wordlist by using a built-in list of keywords
* bruteforcing by using a user-supplied wordlist (as opposed to the built-in wordlist)

New Improvements in Version 0.22
* saving the results in human-readable and CSV format for easy processing
* fixed bug that disallowed reading wordlists with DOS CRLF format
* improved built-in subdomains wordlist
* new bash script (dnsmap-bulk.sh) included which allows running dnsmap against a list of domains from a user-supplied file. i.e.: bruteforcing several domains in a bulk fashion
* bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards

Usage

usage: dnsmap [options]
options:
-w
-r

Download:
http://lab.gnucitizen.org/projects/dnsmap
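
For defenders: because version 0.22 randomizes the label used in its wildcard check, a signature on a fixed name will not match, but the bruteforcing itself still shows up as one client requesting many distinct, mostly non-existent names under one zone. The sketch below is an added example, not part of dnsmap or the original post; the log format, thresholds and function names are assumptions.

```python
from collections import defaultdict

WINDOW = 60          # seconds per time bucket (assumed tuning value)
MIN_NAMES = 20       # distinct names per client/zone/window before flagging
MIN_NX_RATIO = 0.8   # share of those names answered NXDOMAIN

def parent_zone(qname, labels=2):
    """Naive zone guess: the last `labels` labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def detect_enumeration(lines):
    """Return sorted (client, zone, window_start) tuples that look like
    subdomain bruteforcing. Assumed log format: '<epoch> <client> <qname> <rcode>'."""
    names = defaultdict(set)   # key -> distinct names queried
    nx = defaultdict(set)      # key -> distinct names that got NXDOMAIN
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue           # skip malformed lines
        ts, client, qname, rcode = parts
        key = (client, parent_zone(qname), int(ts) // WINDOW * WINDOW)
        names[key].add(qname.lower())
        if rcode.upper() == "NXDOMAIN":
            nx[key].add(qname.lower())
    return sorted(k for k, seen in names.items()
                  if len(seen) >= MIN_NAMES
                  and len(nx[k]) / len(seen) >= MIN_NX_RATIO)

def sample_log():
    """Constructed resolver log: one ordinary client and one client
    walking a wordlist against example.test (all values are made up)."""
    log = ["1237300000 10.0.0.5 www.example.test NOERROR",
           "1237300005 10.0.0.5 mail.example.test NOERROR",
           "not a log line"]
    for i in range(30):
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        log.append(f"{1237300020 + i} 10.0.0.9 host{i}.example.test {rcode}")
    return log

if __name__ == "__main__":
    for client, zone, start in detect_enumeration(sample_log()):
        print(f"possible subdomain bruteforce: {client} -> {zone} (window {start})")
```

On a wildcard zone every name resolves, so the NXDOMAIN ratio stays near zero; there the distinct-name count alone is the usable signal.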

Mar 15 2009

Dyne’s Hackers List v1.10

My little tribute to the “heroes of the computer revolution”, as Steven Levy would put it.
by dyne / zed.m6.net – last modified: jan 28, 2009

The list is presented in chronological order, except for those entries where the date of birth is unknown. It includes academic hackers working on early minicomputers, prominent hackers from the open source software movement, the computer underground/hacker scene, and security experts.

It includes the most famous hackers and groups, and is provided for historical reference.
Black Hats, Phreakers, & Other Tales From The Dark Side.

This is a very complete list, probably the most complete one I’ve seen and it includes pictures – pictures of people who rarely have their pictures taken or allow them out on the Internet.

Take a look…!

Dyne’s Hackers List v1.10
http://zed.m6.net/dyne/hackers.php