Difference between revisions of "Episode251"

From Security Weekly Wiki
Line 35: Line 35:
 
#[http://packetstormsecurity.org/news/view/19495/Vodafone-Flaws-Could-Enable-Widespread-Hacking.html Vodaphone Femtocell Hacking] - [Larry] - THC folks have been plugging away at this device since 2009, and have completely pwned it.  Can you say call snooping anyone?  I sure can, because THC has been able to transform the device, that allows anyone (not just femtocell and Vodaphone subscribers) to connect.  that means you can gather other's traffic with a modified device.  Not to mention that THC shows you how to suppress errors and alarms back to Vodaphone for your hacking goodness.  I think I've said it before, but the largest threat to vendors in getting their devices compromised?  Releasing them to customers.
 
#[http://packetstormsecurity.org/news/view/19495/Vodafone-Flaws-Could-Enable-Widespread-Hacking.html Vodaphone Femtocell Hacking] - [Larry] - THC folks have been plugging away at this device since 2009, and have completely pwned it.  Can you say call snooping anyone?  I sure can, because THC has been able to transform the device, that allows anyone (not just femtocell and Vodaphone subscribers) to connect.  that means you can gather other's traffic with a modified device.  Not to mention that THC shows you how to suppress errors and alarms back to Vodaphone for your hacking goodness.  I think I've said it before, but the largest threat to vendors in getting their devices compromised?  Releasing them to customers.
 
#[http://packetstormsecurity.org/news/view/19486/Mac-Security-Firm-Ships-First-iPhone-Malware-Scanner.html So close, yet so far…] - [Larry] …for the first iPhone Malware scanning app.  YAY! AV for your embedded device.  Well, not quite, due to the sandbox that iOS places around apps, there is no access to memory or the file system, so all you can do is scan e-mail attachments and web downloads.  Better than nothing I suppose, but a long way to go to compare to more traditional tools.
 
#[http://packetstormsecurity.org/news/view/19486/Mac-Security-Firm-Ships-First-iPhone-Malware-Scanner.html So close, yet so far…] - [Larry] …for the first iPhone Malware scanning app.  YAY! AV for your embedded device.  Well, not quite, due to the sandbox that iOS places around apps, there is no access to memory or the file system, so all you can do is scan e-mail attachments and web downloads.  Better than nothing I suppose, but a long way to go to compare to more traditional tools.
#[http://blog.didierstevens.com/2011/07/13/teensy-pdf-dropper-part-1/ Didier's Teensy PDF Mayhem} - [Larry] - Did you know that you can create a PDF with just ASCII?  Did you know that you could also include a malicious executable in that ASCII PDF?  Didier Stevens did, and ported it to be delivered by a Teensy HID device.  Time for Dave to add this as another Teensy attack in SET.
+
#[http://blog.didierstevens.com/2011/07/13/teensy-pdf-dropper-part-1/ Didier's Teensy PDF Mayhem] - [Larry] - Did you know that you can create a PDF with just ASCII?  Did you know that you could also include a malicious executable in that ASCII PDF?  Didier Stevens did, and ported it to be delivered by a Teensy HID device.  Time for Dave to add this as another Teensy attack in SET.
 
#[http://krebsonsecurity.com/2011/07/microsoft-fixes-scary-bluetooth-flaw-21-others/ Bluetooth on? I thought so.] - [Larry] -  Remember that WiFi hack years ago that exploited a bug in wireless drivers, who would receive packets without being associated to a network to get exploits.  Yeah, you didn't even need to be connected to a network, just have your adapter on.  Now the same thing for Bluetooth on Vista and Win7 products. No interaction from the user.  No pairing needed. To agree with a quite form Marcus Carey, I think we'll see more of this given the availability of better bluetooth auditing hardware/tools such as Ubertooth.   
 
#[http://krebsonsecurity.com/2011/07/microsoft-fixes-scary-bluetooth-flaw-21-others/ Bluetooth on? I thought so.] - [Larry] -  Remember that WiFi hack years ago that exploited a bug in wireless drivers, who would receive packets without being associated to a network to get exploits.  Yeah, you didn't even need to be connected to a network, just have your adapter on.  Now the same thing for Bluetooth on Vista and Win7 products. No interaction from the user.  No pairing needed. To agree with a quite form Marcus Carey, I think we'll see more of this given the availability of better bluetooth auditing hardware/tools such as Ubertooth.   
 
#[http://feedproxy.google.com/~r/hackaday/LgoM/~3/lEHjFgaauio/ Technology enabling shoulder surfing] - [Larry] So, do you come full circle when you use technology to enable shoulder surfing of new technology?  Ising a video (camera, stream, file), this app analyses not the asterisks of hidden passwords of touch screen devices, but the touchscreen keyboard color change for keypresses.  If you know where the keys are, you can just analyze the color that changes for keypress confirmation.  Of course you can turn that feedback off, but who does that?
 
#[http://feedproxy.google.com/~r/hackaday/LgoM/~3/lEHjFgaauio/ Technology enabling shoulder surfing] - [Larry] So, do you come full circle when you use technology to enable shoulder surfing of new technology?  Ising a video (camera, stream, file), this app analyses not the asterisks of hidden passwords of touch screen devices, but the touchscreen keyboard color change for keypresses.  If you know where the keys are, you can just analyze the color that changes for keypress confirmation.  Of course you can turn that feedback off, but who does that?
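Review bot: the only change in this hunk is the closing bracket of the Didier Stevens link (`}` replaced by `]`), which is needed for the wiki link to render; while touching this region it would be worth also fixing the typos that remain in the unchanged lines, "Ising a video" (Using), "a quite form Marcus Carey" (quote from), and the "Vodaphone" spelling, which the linked Packet Storm URL gives as Vodafone.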

Revision as of 16:40, 14 July 2011


Announcements

PaulDotCom Security Weekly - Episode 251 for Thursday July 14th, 2011.

  • The PaulDotCom Espanol episodes with Julio Canto, Lorenzo Martinez, Chema Alonso and Ruben Santamarta are available here. We have more interviews in the coming weeks....
  • Sign up for Blackhat Training Courses:
    • PaulDotCom Blackhat Training Sign up for "Offensive Countermeasures: Making Defense Sexy" as a two-day course at Blackhat July 30-31. Every student gets a FREE "Hack Naked" t-shirt and sticker!
    • Tenable Security Blackhat Training Sign up for "Advanced Vulnerability Scanning Techniques Using Nessus" August 1-2

Interview: Claudio Criscione

Claudio Criscione managed to score his first hack at the age of 10, which was to download more content from the local BBS by bypassing ratio restrictions. After that he hacked his way to graduation at Milano TU and started his PhD. He has been the CTO of Secure Network since 2011. Criscione has been involved in web application security and anomaly detection, but has since moved into virtualization security and is also currently managing virtualization.info.


7:30 PM

Dave Kennedy

8:15 to 8:30


Stories For Discussion

PaulDotCom Blog Roundup

Larry's Stories

  1. Vodafone Femtocell Hacking - [Larry] - THC folks have been plugging away at this device since 2009, and have completely pwned it. Can you say call snooping, anyone? I sure can, because THC has been able to transform the device so that it allows anyone (not just femtocell and Vodafone subscribers) to connect. That means you can gather others' traffic with a modified device. Not to mention that THC shows you how to suppress errors and alarms back to Vodafone for your hacking goodness. I think I've said it before, but the largest threat to vendors in getting their devices compromised? Releasing them to customers.
  2. So close, yet so far… - [Larry] …for the first iPhone malware-scanning app. YAY! AV for your embedded device. Well, not quite: due to the sandbox that iOS places around apps, there is no access to memory or the file system, so all you can do is scan e-mail attachments and web downloads. Better than nothing, I suppose, but a long way to go to compare with more traditional tools.
  3. Didier's Teensy PDF Mayhem - [Larry] - Did you know that you can create a PDF with just ASCII? Did you know that you could also include a malicious executable in that ASCII PDF? Didier Stevens did, and ported it to be delivered by a Teensy HID device. Time for Dave to add this as another Teensy attack in SET.
  4. Bluetooth on? I thought so. - [Larry] - Remember that WiFi hack years ago that exploited a bug in wireless drivers, which would receive packets without being associated with a network, and so could be exploited? Yeah, you didn't even need to be connected to a network, just have your adapter on. Now the same thing for Bluetooth on Vista and Win7 products. No interaction from the user. No pairing needed. To agree with a quote from Marcus Carey, I think we'll see more of this given the availability of better Bluetooth auditing hardware/tools such as Ubertooth.
  5. Technology enabling shoulder surfing - [Larry] - So, do you come full circle when you use technology to enable shoulder surfing of new technology? Using a video (camera, stream, file), this app analyzes not the asterisks of hidden passwords on touch-screen devices, but the touchscreen keyboard color change for keypresses. If you know where the keys are, you can just analyze the color that changes for keypress confirmation. Of course you can turn that feedback off, but who does that?
  6. And the Daemon is coming true… - [Larry] - Just for fun.

Paul's Stories