= Stories For Discussion =
[http://ap.google.com/article/ALeqM5goW0z-9WpWqoWdbcc7-Sz5HWd2dQD92MA5400 FEMA phones hacked for toll calls] - [Larry] - Yep, hackers broke into the phone system and were able to place $12k in calls to Europe and Asia. The security consultant claims that the hack is "old school". Certainly, but we all know when there is money to be saved or made, the attack is certainly one attackers look for. Now, the method in which the hack was conducted? Even more old school - the attacker apparently utilized the default administrative password. FEMA blames the contractor that set up the system for leaving this open. Time for someone to start examining that contract... And yes, FEMA is a division of DHS, the same folks who are ultimately responsible for the TSA fun cavity searches at US airports. It gets better - allegedly DHS put out a notice for this type of system vulnerability in 2003...
[PaulDotCom] - Hackin' like it's 1989! Love it! I find the motivation interesting, what kind of calls were being made? Typically, I would imagine, that hacking into a phone system is exploited for profit, shady telemarketing calls, VoIP Phishing, etc... Was it really just to make long distance calls? And why does everyone blame the contractor? Was the contractor the only one who knew that the password was set to the default?
[http://www.i-hacked.com/index.php?option=com_content&task=view&id=267&Itemid=1 Is that a lockpick in your pocket, or are you just happy to see me?] - [PaulDotCom] - Bill over at i-hacked.com did a great job with this posting which details hiding a lockpick set in your luggage. It seems it's quite easy to sneak a screwdriver and hide stuff in the tube for the pullout handle on a roll-away. One interesting thing he says, "I took some measurements and found out that I really couldn't pack much more than a few cubic inches (perhaps 8 or 9 fluid ounces) into both tubes combined." I want to see the pics where Bill fills his luggage handles with water :) This is pretty scary, and has many parallels into the digital world. First, trojans are effective (pause for laughter). Hiding in emails, web pages, you name it, eventually they will be successful. Second, defense in depth is important, you can't just rely on the x-ray machine or your firewall for security, you need other layers. Lastly, intelligence is key, do you think the TSA read Bill's post and adjusted their defenses accordingly? Probably not, but I bet Bill is on a list somewhere ;)
[http://spectrum.ieee.org/print/6593 Combatting Stego] - [Larry] - I thought that this was an interesting approach - just add your own stego over top on systems where you can automate.
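The idea of writing your own stego over the top can be seen on the simplest case, least-significant-bit (LSB) hiding in raw sample data. This is an added example, not code from the show notes or the linked article; the function names, the sample bytes standing in for pixel data, and the payload are all constructed for illustration, and it assumes a naive LSB scheme rather than any particular stego tool.

```python
import secrets

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Hide payload bits (MSB first) in the low bit of successive bytes."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload too large for cover data")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(pixels: bytes, length: int) -> bytes:
    """Read `length` bytes back out of the low-bit plane."""
    if length * 8 > len(pixels):
        raise ValueError("not enough data for requested length")
    out = bytearray()
    for n in range(length):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[n * 8 + i] & 1)
        out.append(byte)
    return bytes(out)

def overwrite_lsb(pixels: bytes, rng=secrets.randbits) -> bytes:
    """Sanitizer: replace every low bit with a fresh bit from rng(1)."""
    return bytes((p & 0xFE) | rng(1) for p in pixels)

def max_sample_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference, i.e. the visible cost of sanitizing."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample: 512 bytes standing in for 8-bit grayscale pixels.
COVER = bytes((i * 37 + 11) % 256 for i in range(512))
SECRET = b"meet at the usual place"  # constructed payload

if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    cleaned = overwrite_lsb(stego)
    print("before:", extract_lsb(stego, len(SECRET)))
    print("after: ", extract_lsb(cleaned, len(SECRET)))
    print("max sample change:", max_sample_change(stego, cleaned))
```

Because the sanitizer never needs to detect anything, it can run blindly on every file passing through a gateway; it does nothing against schemes that hide data outside the low-bit plane.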
[http://www.shell-fu.org/lister.php?id=295 Portscan In One Line] - [PaulDotCom] - I'm very much a command line person. Maybe it's because I started on an Apple IIe and worked my way to DOS, then after a brief and frustrating stint with Windows, I found Linux/UNIX and fell in love with the command line. It's just so sexy! So is portscanning in one line of bash compliments of shell-fu.org. Below is my slightly modified version:
<pre> HOST=192.168.1.97;for((port=1;port<=65535;++port));do echo -en "$port ";if echo -en "open $HOST $port\nlogout\nquit" | telnet 2>/dev/null | grep 'Connected to' > /dev/null;then echo -en "\n\nport $port/tcp is open\n\n";fi;done | grep open </pre>
[http://news.cnet.com/8301-1009_3-10021343-83.html?hhTest=1&part=rss&subj=news&tag=2547-1009_3-0-20 Search engines uncover potential Olympics "fraud"] - [Larry] - Note, not a political commentary on China, the Olympics or the IOC. Stryde Hax (and apparently the AP as well) used Google.cn and Baidu to search for information about the age of China's star, gold winning gymnast He Kexin. Excel documents found from "official" Chinese sources (like the state-run Chinese Gymnastics Association) list her birth date as 1994, contrary to her passport, which lists 1992. After access, the documents disappeared, but remained in search cache, then not in Google's but still in Baidu's. An important point to be careful about what gets put on the internet - expand here!
[http://www.securiteam.com/windowsntfocus/5KP0A20P6Y.html IE Zone Bypass = Bad] - [PaulDotCom] - I never trusted the zone in IE, and here is one example why. You can bypass them and gain access to read local files. Ouch.
[http://www.securiteam.com/exploits/5RP0I20P5A.html Cisco Shell codes] - [Larry] - Neat. Yay for full disclosure. Some patches for IOS to enable backdoor VTY/TTY sessions with a priv of 15 with no password.
[http://feeds.feedburner.com/~r/MartinMckeaysNetworkSecurityBlog/~3/370003595/ Force SSL For Gmail] - [PaulDotCom] - All I have to say is FINALLY.
[http://www.securiteam.com/exploits/5RP0I20P5A.html DEFCON r ful ov hackrz] - [Larry] - Wow, I love it when lawyers get it wrong.