December 11, 2007 at 6:21 pm
· Filed under Technology
Disclaimer: What I am about show you can get you fired at work. I have explicit written permission to do this where I work. I would suggest you do the same. The reason this can get you fired is because you can use it evade website blocking. If a company has gone through the trouble to implement website blocking, you can be certain that they have a policy that says if you circumvent it, you will be terminated. Don’t be stupid.
Have you ever been to a coffee shop or an airport or a technology conference where you wanted to login to webmail or a web forum that isn’t completely SSL encrypted, but you didn’t want someone to sniff your passwords or authentication cookies? You could use a VPN, but unless you already have that setup, that’s just another hoop to jump through. Why not use something you already have available to you to keep you safe. You can do this by using Secure Shell or SSH Tunneling. SSH is a protocol that was created to connect to a remote computer with a secure interactive shell. SSH can also do many other things - from copying files securely to remote systems using SCP to acting like a proxy server for your local client applications. For all the uses of the SSH protocol, look at the Secure Shell wikipedia article referenced above.
I’m going to show you how to use SSH to connect to remote SSH server and make this connection look like a SOCKS proxy to your applications. Once the connection is setup and created, you will need to configure your local programs to use the SOCKS proxy. Do this by telling them to connect to a port on your local computer that is tunneled over the encrypted connection to the SSH server. In order to do this, you will need an external SSH server to connect to you. You can run one at home or connect to a webhosting company where you have an account. I use DreamHost. If you run one at home, I’d recommend that you not run it on the default port (22) due to SSH brute force attacks. Read the rest of this entry »
The Department of Homeland Security already knows everything about your travel. Now, for the first time, The Identity Project makes it easy for you to request the unclassified parts of the dossier that the DHS has complied on you.
Warning: You can only request records on behalf of yourself or others with their written explicit permission. There are severe penalties for making requests for records on someone else without their knowledge.
November 15, 2007 at 6:15 pm
· Filed under Projects
StopBadware is a website that publishes reports on websites that distribute malware. They also allow for you to submit your own link for site that you would like for them to review. The work with the FTC to have sites shutdown. I am planning on using their site my first malware reverse engineering. I can compare my findings to what they have found to make sure I can get good at figuring out what malware does that others haven’t analyzed yet.
September 5, 2007 at 1:40 pm
· Filed under Technology
About four years ago to the date, I was looking for a DNS brute forcer due to the fact that many people were getting wise and locking down DNS zone transfers. I actually advised our security admin at work that we were allowing internal zone transfers to any IP that requested one. While not getting much help from the request for such a tool and not having time or enough interest to code my own, I dropped the idea. It appears that others in the InfoSec community had the same idea. About a week ago while catching up on old PaulDotCom Security Weekly episodes, I heard them mention a tool called Fierce Domain Scanner. This is a perl script that can be used on Windows using Cygwin (It does require a couple of perl modules). This tool first tries to perform a zone transfer. If that fails it the starts to guess domain names by doing a reverse lookup of the initial domain.com. What’s cool about it is that once it finds a computer in the domain space, it will start doing reverse lookups on either side of that IP five sequential IPs and below the IP it just found. It does this for each IP it finds in that domain using recursion. The number of IPs on either side defaults to 5, but can be set using the -traverse switch or expand it to the entire class C using the -wide switch. This is extremely helpful if the computers who’s IP addresses sequentially numbered. It also probes for internal IPs in case the target uses one DNS server for both internal (RFC 1918 addresses) and external DNS requests. Read the rest of this entry »
I really wish he would have tried weasel his way out of being charged of running a dog fighting ring. He will probably get off too easy now. It is speculated that he will “will serve between one and two years in prison. He will certainly face an NFL suspension beyond his prison sentence, and he may never play football again.” I personally think he should have been tortured, but that’s just me.
Being a pitbull owner I am completely disgusted by this type of behavior. I choose to own two American Pitbull mixes to educate people about how great these dogs are. It’s a shame that people could get pleasure by watching two animals tear each other apart until one of them can no longer continue. The picture above is one of Vick’s fighting dogs. You can see the scars all over it’s face. Pitbulls are very loyal dogs. I’ve personally never seen one show any aggression towards people. One of our’s is skitish around new men that he meets, but he wouldn’t hurt anyone. Our other pit mix has never met a stranger. She does have a bit of dog aggression, but that’s what the bread was bread to do. She minds well and will leave other dogs alone if I tell her to and I’m around to watch her. We wouldn’t leave her alone with another strange dog, but that’s part of being a responsible pitbull owner. We choose to be pitbull owners to help offset the public stereo types that come from the rap industry and people like Michael Vick. I’m happy that I have rescued at least two from the fate that so many pitbulls suffer from because of dog fighting. You can see pictures of Muttley and Moxie using the photos link above.
August 7, 2007 at 10:52 am
· Filed under Technology
Lately I have been catching up on podcasts that I hadn’t had time to listen to. One of my favorites is SecurityMonkey podcast. It’s by the same guy who writes A Day in the Life of an Information Security Investigator blog. I really wish it would come out more regularly. I always get something out of every single episode.
The last episode I listened to was episode 15. One of the things I got out of this podcast was information about a utility called VoIPong. I’ve copied the description and features from the VoIPong webpage. The next time I have an opportunity to test this program, I will and post my results.
August 5, 2007 at 3:22 pm
· Filed under News, Technology
I really wish the press would stop feeding the public the idea that the word hacker is bad. Defcon is place where trust has been established over the years between information security researchers, the press, and the feds. People who break the law should be labeled a criminal and not a hacker. Reporters who report this misinformation, like this lady, Michelle Madigan (Associate Producer of NBC Dateline) , finally got exactly what they deserved.
According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan’s plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers. DefCon holds an annual contest called Spot the Fed, in which attendees out people in the audience they think are undercover federal agents. The contest is good-natured, but the feds who get caught are generally ones who don’t mind getting caught.
I got tasked with a project at work that has been taking up all of my free time. I’ve finally gotten some relief, but have been swamped for so long that I haven’t wanted to work on stuff here. I started a blog post on the configuration of the honeywall, which is the first road I’m going down. I couldn’t finish it because I got to point where I needed host information that I don’t have yet because I haven’t built it, which is why it hasn’t been posted yet.
While doing my presentation at CarolinaCon 2007, “How to 0wn CTF”, the question of the winner came up as to if they were actually the winner or did they cheat by using SQL injection. I’ve been racking my brain off and on whenever I get a chance try to come up with a way to do a SQL injection to attack my application. It’s pretty trivial to just add the following to an item in the flag file to get the sql command to execute:
‘;<sql statement you want to run>
The issue that I take with this is that you need to know the table and field names to do any type of INSERT or UPDATE.
