Sunday, July 30, 2006

Port Scanning with JavaScript

From SPI Labs, SPI Dynamics.com

"... Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

This scenario is no longer one of fiction. ..."


SPI Labs has discovered a technique to scan a network, fingerprint all the web-enabled devices it finds, and send attacks or commands to those devices.

This technique can scan networks protected behind firewalls such as corporate networks. All the code to do this is written in JavaScript and uses parts of the standard that are almost 10 years old.

Accordingly, the code can execute in nearly any web browser on nearly any platform when a user simply opens a webpage that contains the JavaScript. Since this is not exploiting any browser bug or vulnerability, there is no patch or defense for the end user other than turning off JavaScript support in the browser.

The code can be part of a Cross Site Scripting (XSS) attack payload, increasing the damage XSS can do.

SPI has published a whitepaper (PDF) and a proof-of-concept page for port scanning arbitrary IP addresses using this technique.
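
The scenario above ends with script-generated requests reaching the router's administration interface and changing its settings. The post names disabling JavaScript as the only end-user defense; a device-side measure it does not discuss is for the admin interface to refuse state-changing requests that do not carry an Origin or Referer from its own address. The following is an added example written for this page, not code from SPI Labs or any router vendor; the address 192.168.1.1, the header set and the sample requests are constructed assumptions.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Origins from which the admin interface accepts state-changing requests.
# Hypothetical home router at 192.168.1.1 (constructed for this example).
TRUSTED_ORIGINS = {"http://192.168.1.1", "https://192.168.1.1"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url: str) -> Optional[str]:
    """Reduce a Referer or Origin value to scheme://host[:port]; None if unparseable."""
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def should_accept(method: str, headers: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether an admin request may proceed.

    A browser attaches the page's Origin (older browsers: at least a Referer)
    to requests its scripts generate, so a state-changing request that carries
    neither, or carries one for a foreign site, is treated as cross-site and
    refused. Safe methods pass so the login page itself still loads.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False, "state-changing request without Origin/Referer"
    origin = origin_of(source)
    if origin in TRUSTED_ORIGINS:
        return True, f"trusted origin {origin}"
    return False, f"cross-site request from {origin or 'unparseable origin'}"


# Constructed requests: a form post from the admin UI itself, a post generated
# by script on a third-party page (the scenario in the post), a headerless post
# and a plain page load.
SAMPLE_REQUESTS = [
    ("POST", {"Origin": "http://192.168.1.1", "Referer": "http://192.168.1.1/wireless.cgi"}),
    ("POST", {"Referer": "http://blog.example/some-page.html"}),
    ("POST", {}),
    ("GET", {}),
]


def evaluate(requests=SAMPLE_REQUESTS):
    """Accept/reject verdict for each sample request, in order."""
    return [should_accept(method, headers)[0] for method, headers in requests]


if __name__ == "__main__":
    for method, headers in SAMPLE_REQUESTS:
        print(method, headers, "->", should_accept(method, headers))
```

Two caveats belong with this check. It only blocks the command step of the scenario, not the scan and fingerprint steps, which never need the device to act on anything. And because a missing Referer is rejected rather than trusted, an admin UI protected this way must tolerate users whose browser or proxy strips that header, which is why modern browsers send a separate Origin header for script-generated requests.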

Wednesday, July 26, 2006

OpenRCE

The Open Reverse Code Engineering community - OpenRCE - was created to foster a shared learning environment among researchers interested in the field of reverse engineering. OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily Win32/security/malcode biased) by hosting files, blogs, forums, articles and more.

Tuesday, July 25, 2006

Nepenthes

Nepenthes is a versatile tool for collecting malware. It is designed to emulate the vulnerabilities that worms use to spread, and to capture those worms.

Packet Analysis: TCP 1433 Traffic

SANS Handler's Diary has an interesting analysis of network traffic carrying the signature of an attack against unpatched Microsoft SQL Server 2000 systems.
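
The diary entry analyses captured traffic by hand. As an added example that is not part of the SANS analysis, the block below shows the simplest automated check a defender can run over a perimeter connection log to surface hosts sweeping for SQL Server listeners on TCP 1433: a source that touches many distinct destinations on that port is a sweep, while repeated attempts against a single server are not. The log format, the addresses (documentation ranges) and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, Optional

# Firewall-style connection log, constructed for this example.
# One line per SYN seen at the perimeter; one line is deliberately malformed.
SAMPLE_LOG = """\
2006-07-25T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:01 SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:02 SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:02 SRC=203.0.113.5 DST=192.0.2.13 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:03 SRC=203.0.113.5 DST=192.0.2.14 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=1433 SYN
2006-07-25T10:00:04 SRC=198.51.100.9 DST=192.0.2.20 PROTO=TCP DPT=80 SYN
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s+"
    r"PROTO=(?P<proto>[A-Z]+)\s+DPT=(?P<dpt>\d+)"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields; None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def sweep_sources(log: str = SAMPLE_LOG, port: int = 1433, min_targets: int = 4) -> Dict[str, int]:
    """Sources that attempted `port` on at least `min_targets` distinct hosts.

    Distinct destinations are counted rather than raw attempts, so a client
    retrying one server (or one server being probed repeatedly) does not
    show up as a sweep.
    """
    targets = defaultdict(set)
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or int(rec["dpt"]) != port:
            continue
        targets[rec["src"]].add(rec["dst"])
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) >= min_targets}


if __name__ == "__main__":
    for src, n in sweep_sources().items():
        print(f"{src} swept {n} hosts on tcp/1433")
```

With the default threshold only 203.0.113.5 is reported; lowering `min_targets` to 1 also lists 198.51.100.7, which made two attempts against a single host and is better handled by a per-host rule than by a sweep rule.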

Thursday, July 20, 2006

Bugle : Google Source Code Bug Finder

- From cipher.org.uk
Bugle is a collection of Google queries for searching for software security bugs in source code available on the web. An example search query for finding a potential buffer overflow caused by strcpy in C files is: "strcpy(buffer|buf,str)" filetype:c
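
The Bugle query is a pattern match over code that happens to run in a search engine. The same idea applied locally, as an added example that is not part of Bugle, is a small scanner that walks C source looking for the same unbounded-copy call, extended here to strcat, sprintf and gets. The sample C snippet is constructed, and the patterns are deliberately simple: one destination argument is captured, trailing `//` comments are ignored, and block comments and string literals are not handled.

```python
import re
from typing import List, Tuple

# Risky C library calls, mirroring the shape of the strcpy(buffer|buf,str)
# query in the post. Each pattern captures the destination argument.
RISKY_CALLS = {
    "strcpy": re.compile(r"\bstrcpy\s*\(\s*(\w+)\s*,"),
    "strcat": re.compile(r"\bstrcat\s*\(\s*(\w+)\s*,"),
    "sprintf": re.compile(r"\bsprintf\s*\(\s*(\w+)\s*,"),
    "gets": re.compile(r"\bgets\s*\(\s*(\w+)\s*\)"),
}

# Constructed C source: one bounded copy that must not be reported, one
# commented-out strcpy that must be skipped, and three live risky calls.
SAMPLE_C = """\
#include <string.h>
#include <stdio.h>

void greet(const char *str, const char *name) {
    char buf[16], buffer[32], out[64], line[80];
    // strcpy(buf, str);  replaced by the bounded copy below
    strncpy(buf, str, sizeof buf - 1);
    buf[sizeof buf - 1] = '\\0';
    strcpy(buffer, name);
    sprintf(out, "%s", str);
    gets(line);
}
"""


def find_risky_calls(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, function, destination) for each risky call.

    The word boundary in each pattern keeps strncpy/snprintf/fgets from
    matching, so bounded variants are not reported.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop a trailing // comment
        for name, pattern in RISKY_CALLS.items():
            for m in pattern.finditer(code):
                findings.append((lineno, name, m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, func, dest in find_risky_calls(SAMPLE_C):
        print(f"line {lineno}: {func} writes into '{dest}' without a bound")
```

A hit is a place to look, not a bug: the scanner cannot see whether `buffer` is large enough for every `name`, which is the same limitation the web query has.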

Wednesday, July 19, 2006

Become a Friend of Firefox

The Mozilla Corporation is celebrating "World Firefox Day" three years after the formation of the Mozilla Foundation. As part of the festivities, the company is encouraging its fans to get one person to switch to the alternate Web browser, in exchange for being immortalized in the Firefox 2.0 source code.

Starting from July 15, you can share Firefox with a friend. If your friend downloads Firefox before September 15, you'll both be immortalized in Firefox 2. Names will be displayed on a digital "Firefox Friends Wall" at Mozilla headquarters in Mountain View, Calif. In addition, the names will be accessible from within Firefox 2.0, due to launch in the fall, although the company has yet to decide the specifics.

Monday, July 17, 2006

Chinese Skype Hype

Whether the Chinese Skype clone report is media hype or real is yet to be known, as proof for the claim is still not publicly available. But a detailed scientific study of the inner workings of Skype and how to reverse engineer it (Silver Needle in the Skype) was already presented at the Black Hat Europe conference a few months ago by Philippe Biondi and Fabrice Desclaux.

Another excellent analysis of the underlying cryptographic protocols by Tom Berson can be found here.

Skype Protocol Has Been Reverse Engineered?

From Charlie Paglee, voipwiki.com.
A company in China has successfully reverse engineered the Skype protocol. The unnamed company has created a client that is capable of communicating on the VOIP phone solution. They plan to create a 100% Skype-compatible client and release the source code for licensing.

The new client that they are going to release will not support Skype’s Super Node technology. Right now every computer with Skype installed on it can be used as a relay to carry data between two other computers when both of those computers are only allowed to make outgoing TCP calls. This means that very soon Skype users will have an alternative client which will not hijack their computer. This could eventually have a very negative effect on the Skype network if too many people choose not to act as Skype Super Nodes and the network starts to deteriorate.

Tuesday, July 11, 2006

ICMP Tunneling with Skeeve

- From gray-world.net
Skeeve is a proof-of-concept (POC) tool for creating an ICMP tunnel between two computers that may be located in different networks and separated by a firewall. Skeeve uses ICMP packets and IP address spoofing to create a data channel, and redirects TCP connections inside this channel.

Skeeve creates an ICMP tunnel which is based on the use of a Bounce server.
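
A channel like Skeeve's rides on echo packets that pass through a firewall because ping is allowed. The following is an added example written for this page, not code from gray-world.net, of what a defender can check for on the wire: it builds a few ICMP echo packets in memory (constructed traffic only, no sockets) and flags the indicators that separate a tunnel from ordinary ping traffic, namely payloads larger than ping sends, payloads that look compressed or encrypted, and echo replies whose data does not match the request they answer, which is what a relayed channel looks like. The thresholds, the filler pattern and the packet set are assumptions.

```python
import math
import struct
from typing import Dict, List

ECHO_REPLY, ECHO_REQUEST = 0, 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request/reply: type, code, checksum, id, sequence, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ping's timestamp-plus-filler payload scores well under 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_packets(packets: List[bytes], max_payload: int = 64, max_entropy: float = 7.0) -> List[Dict]:
    """Parse each packet in order and attach the tunnel indicators it trips."""
    requests: Dict[tuple, bytes] = {}
    findings = []
    for pkt in packets:
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
        payload = pkt[8:]
        reasons = []
        if len(payload) > max_payload:
            reasons.append("oversized payload")
        if shannon_entropy(payload) > max_entropy:
            reasons.append("high-entropy payload")
        if icmp_type == ECHO_REQUEST:
            requests[(ident, seq)] = payload
        elif icmp_type == ECHO_REPLY and (ident, seq) in requests and requests[(ident, seq)] != payload:
            reasons.append("reply payload differs from request")
        findings.append({"type": icmp_type, "id": ident, "seq": seq, "len": len(payload), "reasons": reasons})
    return findings


def normal_ping_payload(seq: int) -> bytes:
    """56 bytes in the style of ping: an 8-byte timestamp then an incrementing filler (constructed)."""
    return struct.pack("!Q", 1154000000 + seq) + bytes(range(0x10, 0x40))


def tunnel_payload(n: int) -> bytes:
    """Deterministic stand-in for encrypted tunnel data: near-uniform byte values."""
    return bytes((i * 73 + 41) % 256 for i in range(n))


# Constructed capture: one ordinary ping exchange, then one tunnel exchange
# in which the reply carries different data from the request.
SAMPLE_PACKETS = [
    build_echo(ECHO_REQUEST, 0x1234, 1, normal_ping_payload(1)),
    build_echo(ECHO_REPLY, 0x1234, 1, normal_ping_payload(1)),
    build_echo(ECHO_REQUEST, 0xBEEF, 7, tunnel_payload(1400)),
    build_echo(ECHO_REPLY, 0xBEEF, 7, tunnel_payload(900)),
]


def suspicious_packets(packets: List[bytes] = SAMPLE_PACKETS) -> List[int]:
    """Indices of packets that tripped at least one indicator."""
    return [i for i, f in enumerate(inspect_packets(packets)) if f["reasons"]]


if __name__ == "__main__":
    for i, f in enumerate(inspect_packets(SAMPLE_PACKETS)):
        print(i, f)
```

None of these checks is decisive on its own: a tunnel can pad to 56 bytes and mimic ping's filler, and some ping implementations send odd sizes. The reply/request mismatch is the strongest of the three because an honest echo reply must return the request data unchanged.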

Monday, July 10, 2006

Basic journey of a packet

- From Don Parker, securityfocus.com
The purpose of this introductory article is to take a basic look at the journey of a packet across the Internet, from packet creation through switches, routers and NAT to the packet's traversal of the Internet. This topic is recommended for those who are new to the networking and security field and may not have a basic understanding of the underlying process.

Introduction to Reverse Engineering Software

Book: Authors - Mike Perry & Nasko Oskov
This book is an attempt to provide an introduction to reverse engineering software under both Linux and Microsoft Windows. The goal of this book is not to cover how to reproduce an entire program from a binary, but instead how to use the Scientific Method to deduce specific behavior and to target, analyze, extract and modify specific operations of a program, usually for interoperability purposes. As such, the book takes a top-down approach, starting at the highest level (program behavior) and drilling down to assembly when it is needed.

Blue Pill technology for creating undetectable malware

- From 'theinvisiblethings.com' blog
"Imagine a malware (e.g. a network backdoor, keylogger, etc...) whose capabilities to remain undetectable do not rely on obscurity of the concept. Malware, which could not be detected even though its algorithm (concept) is publicly known. Let's go further and imagine that even its code could be made public, but still there would be no way for detecting that this creature is running on our machines..."

A technology code-named Blue Pill does just about that: creating 100% undetectable malware that is not based on an obscure concept. It uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.

i) Introducing Blue Pill
ii) The Blue Pill Hype

Google Account Authentication

- From code.google.com
Google Accounts authentication for web-based applications allows the application to access a Google service protected by a user's Google account. To maintain a high level of security, the Authentication Proxy interface, AuthSub, enables the application to get an authentication token without ever handling the user's account login information. Using the proxy, the user of the web application logs into their account through a Google-supplied login page and consents to grant limited access to the web application.

Search Engine for Open Source Code

Search engines like Krugle and Koders make it easy for developers to find existing source code and technical information that solves many common development problems from a variety of open source projects.

You can find code in C, C++, C#, Java, Perl, Python, PHP, SQL, Ruby, XML and more, view it syntax highlighted, locate the library in the structure of the program, save it and share it with others.

Tuesday, July 04, 2006

Month of Browser Bugs

HD Moore published a blog entry announcing the Month of Browser Bugs (MoBB) project, in which he will publish a new browser hack every day for the entire month of July 2006. Three unpatched IE bugs and one Firefox bug are already out; the second one (HTML Help Control Memory Corruption in IE) is rated as a highly critical vulnerability which could be exploited by remote attackers to crash a vulnerable browser or potentially take complete control of an affected system.

Updated:
1. Complete list of bugs
2. Browser fuzzing for fun and profit
3. Browsers feel the fuzz