Archive for the ‘security’ Category

Step-by-step virus disassembly


2010
03.30

Over at SkullSecurity they’ve done a great job of a step-by-step disassembly of the Energizer Trojan using IDA. Working in a sterile, isolated environment, they go through the code to give you an insight into the workings of its “obfuscation” (or lack thereof), backdoor management (the backdoor listens on port 7777) and more.

Good beginner’s intro with pretty pictures :)

OpenSSL v1 released after 11 years of development


2010
03.30

After a long, hard struggle of 11 years, which started with these two entries:

23-Dec-1998:Released OpenSSL 0.9.1c
23-Dec-1998:Official start of the OpenSSL project

we have finally reached “a major release”, with v1.0.0 now available. Having fought tooth and nail not to become a 1.0.0, the project went through iterations such as 0.9.8d to 0.9.8n (taking a page out of Google’s book of perpetual pre-release?), though, to be fair, it did start at 0.9.1c.

Go on, then — go and get it!

Security Summit 2010


2010
03.19

Moxie Marlinspike will be at the Security Summit 2010 this year at the Sandton Convention Centre – well, at least he’s on the lineup – and should give some insights; Jeremiah Grossman (from WhiteHat Security) is back, and Joe Grand (from L0pht Heavy Industries – remember L0phtCrack?) will also have some words to say.

Let’s hope that the vendor presentations will be kept to a minimum, with a focus on content rather than “Oh, we are great”…

Johannesburg, May 11-13, 2010

Cracking passwords fast with rainbow tables on SSD


2010
03.15

A Swiss firm, Objectif Sécurité, makers of Ophcrack_Office (for Word and Excel files) and Ophcrack Open Source (over at sourceforge.net), has tweaked its application to crack XP passwords of up to 14 characters (the limit of the LM hash, which is really two independent, upper-cased 7-character halves) using rainbow tables (pre-computed hash chains) held on a Solid State Drive (think of a large, light laptop drive built on flash memory), in an average of 5.3 seconds.

Seek times on the SSD seem to be the big tweak here: a rainbow-table lookup is a long series of random reads into large tables, which is exactly what flash does well and spinning disks do not:

Oechslin has fitted an elderly Athlon 64 X2 4400+ with an SSD and the optimised tables. This system can, with only a 75% CPU utilisation, crack a 14 digit password with special characters, in an average of 5.3 seconds. Oechslin says that, worst case, it should be able to search arithmetically through 300 billion passwords per second, a speed that is a factor of 500 faster than an Elcomsoft cracker supported by a modern Tesla GPU from NVIDIA.

(more…)
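Since the post only says “pre-calculated hashes”, here is an added toy implementation (my own, not Ophcrack’s code) of what a rainbow table actually does and why the lookup phase is all about seeks: the table stores only chain start and end points, and each lookup rebuilds candidate chains and reads table rows at random. Assumptions: SHA-1 stands in for the LM hash (LM needs DES, which the standard library lacks), the key space is three lower-case letters, and the table lives in a Python dict rather than on an SSD.

```python
import hashlib
import random
import string

# Toy key space: 3 lower-case letters. Real LM tables cover up to 7
# upper-case/special characters per half of the 14-character password.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN        # 17 576 candidate passwords
CHAIN_LEN = 50                            # t: hashes per chain
NUM_CHAINS = 2000                         # m: rows kept in the table


def hash_pw(pw: str) -> bytes:
    """Stand-in for the LM hash (assumption: SHA-1 instead of DES-based LM)."""
    return hashlib.sha1(pw.encode()).digest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a password."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_(h: bytes, col: int) -> str:
    """Column-dependent reduction R_col: hash -> some password in the key space.
    Depending on the column is what makes this a *rainbow* table: chains that
    collide in different columns do not merge."""
    return index_to_pw((int.from_bytes(h[:8], "big") + col) % KEYSPACE)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute m chains of length t; only (end -> [starts]) is stored.
    This is the one-off expensive step that the pre-computed tables amortise."""
    table: dict = {}
    for i in range(num_chains):
        start = index_to_pw((i * 7919) % KEYSPACE)   # 7919 is prime: distinct starts
        pw = start
        for col in range(chain_len):
            pw = reduce_(hash_pw(pw), col)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: dict, target: bytes, chain_len: int = CHAIN_LEN):
    """Recover the password behind `target`, or None.
    For every column the hash might sit in, walk to the chain end and look it
    up; each hit is a row to read back and regenerate, and that random-read
    pattern is what the SSD speeds up."""
    for col in range(chain_len - 1, -1, -1):
        pw = reduce_(target, col)
        for c in range(col + 1, chain_len):
            pw = reduce_(hash_pw(pw), c)
        for start in table.get(pw, ()):
            cand = start
            for c in range(col + 1):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_(hash_pw(cand), c)
            # reaching here is a false alarm: a chain merged into this end point
    return None


def sample_success_rate(table: dict, n: int = 100, seed: int = 1) -> float:
    """Fraction of random passwords the table recovers; coverage is probabilistic."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        pw = index_to_pw(rng.randrange(KEYSPACE))
        if lookup(table, hash_pw(pw)) == pw:
            hits += 1
    return hits / n


if __name__ == "__main__":
    t = build_table()
    print(f"{len(t)} distinct end points for {NUM_CHAINS} chains of {CHAIN_LEN}")
    print("aaa ->", lookup(t, hash_pw("aaa")))
    print("success rate on 100 random passwords:", sample_success_rate(t))
```

Running it shows the trade-off in miniature: 2000 rows stand in for roughly 100,000 hash evaluations, most (not all) of the key space is recovered, and every lookup costs up to t² reductions plus a handful of table reads, so the storage medium’s random-read latency, not the CPU, sets the pace.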

Excel 2007 password, cell and sheet protection removal – unprotect/remove password easily


2010
03.01

Elcomsoft has a variety of really good brute-force and dictionary-based password attacks for the full Office suite, including a distributed version that runs in the cloud (which I wrote about some time ago). As cool as the software is, it doesn’t remove cell-based or sheet-based protection passwords (which kinda sucks), and the password.xla file that seems to be the big thing at staxx.com requires a whole load of extras to run natively on Office 2007.

Enter the same macro that McGimpsey & Associates published in 2004 (reproduced here under their GPL licence), which removes all internal Excel passwords: (more…)
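As an added illustration of why a short macro can strip sheet and workbook protection at all (this is my own Python, not the McGimpsey VBA macro): legacy Excel protection never stores the password, only a 16-bit verifier (the derivation documented in the OpenOffice.org Excel file-format notes and in MS-OFFCRYPTO), and Excel 2007 still writes that verifier into sheetProtection. Any string with the same verifier unprotects the sheet, and the search below shows that one always exists among short strings of A’s and B’s, which is exactly the space the classic macro walks. The “password” → 0x83AF value is a known test vector.

```python
import itertools


def excel_legacy_hash(password: str) -> int:
    """Verifier stored by legacy Excel sheet/workbook protection (the value
    Excel compares a typed password against). Bytes are folded in from last
    to first with a 15-bit rotate-left; the length and the constant 0xCE4B are
    XORed in at the end. Only 15 bits of state survive (bit 15 is always set)."""
    h = 0
    for byte in reversed(password.encode("latin-1")):
        h ^= byte
        h = ((h >> 14) & 0x01) | ((h << 1) & 0x7FFF)   # rotate left within 15 bits
    h ^= len(password)
    h ^= 0xCE4B
    return h


def find_collision(target: int) -> str:
    """Return a string over the letters A/B whose verifier equals `target`.
    Flipping A<->B at one position toggles a rotation of 0x03 (0x41 ^ 0x42) in
    the state; 14 positions already span half of the 15-bit space, and lengths
    14 and 15 land in opposite halves, so a candidate of length <= 15 always
    exists. That is why the classic unprotect macro terminates in seconds."""
    for length in range(1, 16):
        for combo in itertools.product("AB", repeat=length):
            cand = "".join(combo)
            if excel_legacy_hash(cand) == target:
                return cand
    raise AssertionError("unreachable: every verifier value has a collision")


if __name__ == "__main__":
    verifier = excel_legacy_hash("password")
    print(f"verifier for 'password': {verifier:04X}")          # 83AF
    alt = find_collision(verifier)
    print(f"'{alt}' is accepted by the same sheet: {excel_legacy_hash(alt) == verifier}")
```

The practical caveat: sheet and workbook protection in these versions is an anti-fat-finger feature, not a security control; anyone who needs real confidentiality for a workbook has to use file encryption (which is what Elcomsoft’s tools attack, and why those attacks need actual brute force).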

An update on Operation Aurora


2010
01.19

The attack (Operation Aurora) on around 20 companies in the US, including Google, Adobe, Juniper Networks and others, used a zero-day exploit for Internet Explorer and is partly down to social engineering: the carefully crafted emails were plausible in content and structure, so users bought into them. Once the payload had run and the machine was owned, it contacted a Command and Control (C&C) server, which sent back specific instructions based on the workgroup name and the machine environment (OS etc.), sending and receiving data via a home-made encryption scheme piggy-backed onto port 443, the port normally reserved for HTTPS (HTTP over SSL), which lets the traffic blend in with ordinary web browsing. (more…)
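The detection angle a practitioner would want from the above: a C&C channel that borrows port 443 without speaking real SSL/TLS can be spotted from the first few client bytes of the flow, because a genuine SSL/TLS session starts with a handshake record (or an SSLv2-compatible ClientHello from older clients). Below is an added example of that triage, my own code and not anything from the Aurora analyses; the sample payloads are constructed for this example and the “custom” one is a made-up byte string, not the real Aurora protocol.

```python
# First-packet triage for TCP/443 flows (client -> server direction).
TLS_RECORD_HANDSHAKE = 0x16
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")
EXPECTED_ON_443 = {"tls-client-hello", "tls-handshake", "sslv2-compat-client-hello"}


def classify_443_payload(data: bytes) -> str:
    """Label the first client bytes of a port-443 flow."""
    if len(data) < 6:
        return "too-short"
    record_type = data[0]
    version = int.from_bytes(data[1:3], "big")
    if record_type == TLS_RECORD_HANDSHAKE and version in TLS_VERSIONS:
        record_len = int.from_bytes(data[3:5], "big")
        handshake_type = data[5]
        if handshake_type == 0x01 and record_len >= 4:     # ClientHello
            return "tls-client-hello"
        return "tls-handshake"
    # SSLv2-compatible ClientHello (still sent by some clients in 2010):
    # 2-byte length with the high bit set, msg type 1, then the 3.x version.
    if data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-compat-client-hello"
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "non-tls"


# Constructed sample payloads (not real captures).
CLIENT_HELLO = bytes.fromhex("160301002c0100002803010000") + bytes(32)
SSLV2_HELLO = bytes.fromhex("802e010300") + bytes(40)
HTTP_ON_443 = b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
CUSTOM_CNC = bytes.fromhex("ff00133700000010") + b"ABCDEFGH"   # made-up, NOT the Aurora protocol

SAMPLE_FLOWS = [
    ("workstation-1 -> 203.0.113.10:443", CLIENT_HELLO),
    ("workstation-2 -> 203.0.113.11:443", SSLV2_HELLO),
    ("workstation-3 -> 203.0.113.12:443", HTTP_ON_443),
    ("workstation-4 -> 203.0.113.13:443", CUSTOM_CNC),
]


def flag_suspicious(flows):
    """Return (flow, label) for each 443 flow whose opening bytes are not SSL/TLS."""
    return [(name, classify_443_payload(payload)) for name, payload in flows
            if classify_443_payload(payload) not in EXPECTED_ON_443]


if __name__ == "__main__":
    for name, label in flag_suspicious(SAMPLE_FLOWS):
        print(f"{name}: {label}")
```

In a real deployment this check runs on the first data segment of each outbound 443 connection (from a sensor or proxy), and a hit is a lead, not a verdict: some legitimate software also tunnels its own protocol over 443, so the follow-up is to look at who the destination is and which process opened the socket.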

Y2K vs 2010 vs 2016 — year rollover still an issue


2010
01.06

Ain’t that a kick in the head! The rollover from 2009 to 2010 has not been processed correctly on many systems, including Symantec’s Endpoint Protection Manager, as they have confirmed in a statement:

An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.

Remember that we spoke about Symantec in the glorious (dodgy) Virus Scanner Comparison.

Australian POS systems have jumped from 2009 to 2016 (the classic BCD-versus-binary mix-up: the two-digit year 10, stored as the BCD byte 0x10, is read back as a binary byte, i.e. 16, which is also why 2000 to 2009 sailed through unnoticed), and up to 30 million users in Germany can’t use their bank cards at ATMs or POS terminals due to invalid date calculations.
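To make the bug class concrete, here is an added example (my own code, not anything from Symantec, the Australian terminals or the German card issuers) of a two-digit year stored as packed BCD but consumed as a plain binary byte, and of what that does to a card expiry check; the card data is constructed.

```python
from typing import Optional


def to_bcd(n: int) -> int:
    """Pack 0..99 as BCD: 9 -> 0x09, 10 -> 0x10, 16 -> 0x16."""
    if not 0 <= n <= 99:
        raise ValueError("two-digit value expected")
    return ((n // 10) << 4) | (n % 10)


def from_bcd(b: int) -> int:
    """Correct decoding of a packed-BCD byte (rejects nibbles above 9)."""
    hi, lo = b >> 4, b & 0x0F
    if hi > 9 or lo > 9:
        raise ValueError("not a valid BCD byte")
    return hi * 10 + lo


def year_as_buggy_reader_sees_it(year: int) -> int:
    """Year written correctly as BCD, then read as if the byte were binary."""
    return 2000 + to_bcd(year - 2000)


def first_divergent_year(start: int = 2000, end: int = 2100) -> Optional[int]:
    """First year where the buggy reading differs from the truth. 2000..2009
    survive because BCD and binary agree for a single digit; 2010 (0x10) is
    read as 16, i.e. 2016, the jump reported for the Australian terminals."""
    for y in range(start, end):
        if year_as_buggy_reader_sees_it(y) != y:
            return y
    return None


def card_rejected(expiry_year: int, today_year: int) -> bool:
    """Does a terminal that mis-reads today's year reject a still-valid card?"""
    return year_as_buggy_reader_sees_it(today_year) > expiry_year


if __name__ == "__main__":
    print("first year the bug shows:", first_divergent_year())          # 2010
    print("card valid to 2012, checked in 2009:", card_rejected(2012, 2009))
    print("card valid to 2012, checked in 2010:", card_rejected(2012, 2010))
```

The test for such code is not “does it work today” but a date table that straddles every digit boundary (x9 → x0 in each position), which is what the 2009 → 2010 rollover just ran for the whole industry.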

In addition, there also seem to be the occasional SMS (text message) passing through networks with a timestamp in the future, causing a wide variety of reporting and integrity issues…

Hm, I wonder what implications the 2011-2012 rollover will bring with it (cue Mayan death-drone…)

Google Analytics inadmissible under German law?


2009
11.25

Die Zeit reports that data protection officials want to discourage the use of Google Analytics, backed by fines of up to €50,000. “In the terms one has to accept in order to use the service, Google Inc. expressly reserves the right to link the data collected about the individual user by means of a unique identifier with other data it already holds,” for instance from Google Mail, “and to pass this information on to third parties.” The main point of this decision is that the user does not have to give explicit consent before private data (such as geographic location or computer settings) is simply transferred to third parties. The debate is under way; let’s see what comes of it!

In short, to reiterate the above in one sentence: as you do not explicitly opt in to the use of Google Analytics, German data protection authorities are trying to dissuade site operators in Germany from using GA, or stop them outright, with the added incentive of fines of up to €50,000, so as to protect individuals’ privacy rights.

Zombie postings with Captcha automation


2009
11.14

Just got another comment-posting request relating to a version 5.0 release of automated forum/blog spamming software which is guaranteed to get your customers ‘closer to your products’ by improving product and site visibility. It can also send in-forum PMs ‘for a more personal touch’, i.e. violate any terms and conditions of a user environment to spam the web for cheap cross-links (at $540 for the app, including automatic Captcha recognition). (more…)

Flash Exploit Protection


2009
11.13

The folks over at www.foregroundsecurity.com have discovered (another) Flash exploit that makes use of a flaw in how the application interprets the same-origin policy.

This vulnerability allows the same-origin policy of Adobe Flash to be exploited to attack nearly any site that allows user-generated content. No fix for this vulnerability currently exists.

Two ways of dealing with it (more…)

And we’re on 2.8.6


2009
11.13

Another quick upgrade to keep things safe: 2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. Not really pertinent here, but good to keep it closed :) The patches deal mainly with untrusted-user issues, but “upgrading to 2.8.6 is recommended”.

But you knew that already :)

Cloud Computing – on Crack


2009
11.03

There is a range of ways that cloud computing can be used to leverage the power of a large number of machines to achieve cheaply what you wouldn’t necessarily invest in physically. And to crack PGP or system passwords, you typically just need a lot of machines. So there are a few demonstrations here and here that show off the whole process, including spawning more instances than they typically want you to :) It’s all based on ElcomSoft’s Distributed Password Recovery.

Cool! :)

A note on WordPress security…


2009
09.28

There’s a note on why to keep patching – How To Keep WordPress Secure – over at the WordPress dev blog; definitely worth a read.

Good sense.