Friday, November 30, 2007

Say Goodbye to robots.txt

Yesterday Automated Content Access Control bore.

It’s hard for anyone to make content available for access and use on the network without any rules…
It’s hard to follow rules if you don’t know what they are…
It’s hard to learn how to read and understand rules if you are a machine…


Search Engines fulfill to Web-Sites owners. Is this a new Wide Web Era ? I think so, I think it should be very interesting stuff to web security. Hiding whatever you want, it's not an easy job if you're online. Often Google, Yahoo and others grab you secret contents allowing attackers to read-and-play with them. Robots.txt is still now a not-standard but just a unofficial-convention with some web spiders; building a new standard deal is a "must" even to prevent search-engines-attacks. I totally agree with ACAP project !.
Anyway what will happen to you web-site ? Just few but important changes:

1) changes to your 'robots.txt' file
2) changes to content resources

If you already have a robots.tx here an easy to use converter plugIn able to translate your old robots.txt into acap standard. However if you want to use the whole ACAP powerful you should read the Technical Giude , ... not so much long. Of course, don't forget to public on your page the logo :-D

Thursday, November 29, 2007

Really Funny.

When the art captures the truth :-D



:-)

Easy Password Checker.

Hi Folks,
today I wanna point out an example of Password Checker that I've founded here, via Schneier. It's a pretty easy example how to use "score based intelligent" without any recursive-based language. Starting from 0 points your password can only increase its score passing tests until the greater tally 6.
Here an example: try with your password ! (It's Javascript)



The main javascript "score" function is available here:



Nice, don't you think ?

Tuesday, November 27, 2007

Jumping CAPTCHA.

Here one of the most coolest "on fly" tools that I've ever seen.
Try to load the page many times and try to count the false positive, they are really few !
This easy php page exploits CAPTCHA number thanks to an easy statistical analysis on frequency color per digits. Actually It's quite poor but it runs well and it does the Trick !!!



The main idea is the following:


Here you can find the entire source code.
Via this site.

The Day The Routers Died...



Via Joerg Moellenkamp

Monday, November 26, 2007

IPod Touch Audio Line-In Discovered

Hi Folks,
another big news from ipodtouchfans, a new Audio Line Input has been discovered, this allow many applications run and maybe also VoIP applications. From touchmods.blog.com the first amplificator schema :
 

A little description:
- 13, 26 and 29 are the pin indices of the Dock Connector.
- The Resistor above the mic could be between 1 and 5kOhm, depending on your mic
- The capacitors C1 and C2 should be above 1microPharad, any vale is ok.

The picture quality is not the best, as it was made in a fast way on my N770 using the amazing Xournal noteTaker.
Anyway, what is important, in case you plan to build everything inside the Dock Connector, you will need to make a PCB that is all-in-all less than 3.5x 8x 16mm, as the internal height of the Dock Connector is 3.5mm. Not to mention that the position of the PCB will be also restricted (centralized) by the pins inside the plug. A smart solution would be to leave the PCB out and to put the resistors directly onto the legs of the IC. Doc connector available here


Read more here , here , here, here and here.

XSS CSS INJECTION on IE7 and Firefox

Hi folks,
today I wanna present a great work on XSS CSS injection. Following the amazing work of Martin, style="xx:expression((window.r!=1)? ...... , Gareth wrote a more complete example  of injection scenario. Here it is !



That Translated from hexadecimal  becames:



It's still incredible seeing execution of code even if converted into whole entities as htmlspecialchars. Yep, incredible but true ! Some one is just saying you should never allow users to insert HTML code in your pages but I don't think so, it's difficult to give something and than take it back, it's difficult saying STOP HTML to users now, where users are living on HTML. Maybe security staff must learn from this "another example" and works hard to prevent others similar stuff.

Sunday, November 25, 2007

Thank You Guys

Hi folks,
I'm proud to announce to be one of BlogSecurity Team.
Grabbed from the BlogSecurity Site.


BlogSecurity is the only organization that deals with social networking and web blog security exclusively.
Our goal is to provide you with the security advice, services, tools and critical information that you need to better secure and build your blog.

Tuesday, November 20, 2007

Big Scare from Apple !

During these days lots of blogs ( tuaw, heise-security, docpool and so on ..) published this agonizing news about apple. Something wrong happened in Stocs  and Weather applications during the Network Update phase. A strange IMEI code is passed on apple.com as you can see in the following picture.




What's happening ? Is Apple spying us ? Are there tons of data written with IMEI ? Can they recognize me ? Can they understand where I am ? ecc ecc....
Fortunately, it's not true. The IMEI parameter passed to apple.com is an software-ID and it's the same for all the phones. Or it seems that. Unfortunately I got only one iPhone and I cant make more-deep testes. Right now I used Wether and Stocks without any worries but I'll more careful until some of new come up.

Interesting reading here.

Sunday, November 18, 2007

AT&T Allows Denial of Service

I've been using AT&T for 4 months. What I saw is that you must pay if you're phoning but also if you receive calls. You must pay also if you 'try' to phone, and you must pay if you decide to not answer. Well, you must pay every time !
Is it right ? Maybe Yes, if your mind thinks to "communications" or it seems wrong if your mind thinks to "services". So, what I know is that AT&T is a "communication oriented" provider instead others European networks providers are "service oriented".  But what about security ?  If I'm using a "service oriented" network provider, like EU architecture, I'll pay only if some one answers to me. So the following scenario could be assumed as safe:

A call V
network does...... TU...TU...TU...TU
V doesn't answer.
network does....... TU.TU.TU.TU 
A has spent nothing
V has spent nothing

If I'm using a "communication oriented" network provider, I take up the network so I'll spend even though no one answer to me. At the same time also who doesn't answer to me takes up the network and so he will spend money like me. In this way if an attacker wants to make a denial of service on the victim's phone, he could follow this procedure.

for(;;){
Attacker (A) calls Victim(V) (with hidden cell-id)
network does........ TU. (A stops the call)

A has spent $0.x
V has spent $0.x
}

If we assume that Attacker has more money than Victim, at the end of the day Victim is not able to phone. Both A and V will spend the same amount of money. So if Attacker really wants to make a DoS attack on one or more phones he can.
Maybe "services oriented provider" are more secure under this point of view. 

Saturday, November 17, 2007

Say Hello to SpiderPig

Hi folks,
I know, it isn't security but it's so funny !!
Today surfing on the web I've seen SpiderPig ..... (or SpiderPork, italian version is more funny), in this site and I decided to publish just for fun ! To me it's really amazing ! :-D.









Print, cut and attach it Wherever you want ! Here some little examples:








Enjoy Your SpiderPork !!! :-D

Friday, November 16, 2007

A Restricted Test Apple Test.

A really Restricted Test on "addicted to apple" gave me 85%, ... , not bad ....

85%
It's really Funny :-D !

Wednesday, November 14, 2007

Studying covert channels

Covert channels have been a big problem for years. Recently applied in Electronic Voting System can threaten Democracy. I've found a nice software in order to understand how covert channels can work. I've downloaded it here and I've just tried how it works. As usually just few screens shots.
The first MAC is 10.0.0.12 and the second one is 10.0.0.13




The connection




Opening an easy nc connection in both MAC.




Writing something in the first nc shell (10.0.0.12) the message will be forwarded into the second nc shell using covert channels. But following the Tao suggestion what's happening in our communication ? The communication starts in that way. An easy Http GET with cookies stetted "this is a string \r\n", the exact data that I've pushed on first nc shell (10.0.0.12) 





The right answer from 10.00.13



The Answer from second nc shell (10.0.0.13) is forwarded to second nc shell (10.0.0.12) using another cover channel



Whit the relative data !




It's a very easy example of two different covert channels, the first one using a cookies in tx and the other sending tcp data back. I think this example should be really useful for teaching purpose.  Maybe could be interesting improve-it using different channels and protocols and upgrading the communication level with a strong data encryption in order to hide written data. Should also be interesting building a kernel based implementation upgrading modern distributions.

Verizon has confusing ideas

Thank to Justin :



It seems ridiculous and quite impossible but nope, it's true. Also in America it's happens :-D

Monday, November 12, 2007

The first MacBook Pro with a 64GB SSD?

Here the original experience.




One of the most cool experiment I ever seen !! MacBook Pro with Solid Hard Disk installed without any complications, as you can read from original post. I guess apple will not wait much more !

Friday, November 9, 2007

iPHone Password Cracking.

Hi folks, yesterday I bought my first iPhone.
It's great, with a lot of functionality and  security is really high :-D :-D :-D. But while I was looking inside the File System, just for studying embedded architecture ..., I realized that a mysterious file named master.password was inside the /private/etc/ folder.




Well, intrigued I opened it and .... Yep, an old passwd style file appeared in front of me.





Wow, it's really secure !! Yep, there's written about single-user but..... iPhone is embedded System it's running in single-user !!! :-D. So could be interesting understand how much is the password secure.... Maybe apple puts a really strong passwords !
Let me try with John on my poor old PowerBook G4.




Ohhh, The password is really really strong and so hard to guess, how  have hackers discovered it ?!? (I'm kidding)
Well, I'd like emphasize two posts in order to answer at this rhetoric question, the first one  one of my old post and the second one , a great post on password security by Ann. Security Evangelist are really useful in current security-era .


Voting machines casted wrong candidate.

Well,...
there are a lot of people who are working to increase the electronic voting security. But on the other hand there are lots of people who don't care about it ! It's 'pretty' incredible !

Via Wired 
Votes cast yesterday on e-voting machines made by Election Systems &
Software went to the wrong candidates, according to officials in
Lawrence County, Ohio.

Wednesday, November 7, 2007

Leopard Data Loss BUG













This news is two days old, but I've not founded time before to say thanks Tom. Grabbed from here:"Leopard’s Finder has a glaring bug in its directory-moving code, leading to horrendous data loss if a destination volume disappears while a move operation is in action. I first came across it when Samba crashed while I was moving a directory from my desktop over to a Samba mount on my FreeBSD server." Here we go, it's time to Leopard's bugs ! Really Good personal working stuff. Here there is also an avi for people don't like read.




Monday, November 5, 2007

How to detect Steganography.


Hi folks,
During last week I've found some interesting stuff on Steganography, well I wanna discuss about detection and not about Steganography, so please if yu're interested on this post read the wiki pedia definition linked above.


Well, right now I've seen lot of people who don't know anything about Steganography and how to detect it, I know there are lots of free software like StegoDetect that can easily detect if the current file has been compromised, but as usually I like touch by hand what happen inside the file. So during these days I've analyzed some file extension with and without Steganography.
Let me start with classics examples like .gif images.

This is a normal gif image without any items hidden.


And this one is the same picture with some plain text steganographed inside. 




Human eyes can't see the difference between the two pictures, but the hexadecimal editor can !!! So if we try to open normal .gif images and the compromised one we can compare the differences and understand how it's possible detect Steganography inside GIF image.

And, yep we got it ! As you can see from the following pictures the first bytes are different !
This is first picture's hexadecimal view, and you can read "47 49 46 38" that's means "GIF" in ASCII way.


This is the second Pictures' s hexadecimal view, you can't see "GIF" bytes ...



Well, it's so easy to detect !!! Let me try with others pictures formats for instance with .jpg files. Apparently there are not similarity between a normal jpg pics and a compromised one, but if you study JPG header and body format you can discover that every JPG image ends with "FF D9" Bytes. So you if it's true we must find "FF D9" in the normal JPG and others stuff in the compromised image. De facto it's true. Safe JPG following:



Compromised JPG following:


Yet, examples.
PNG is another important image format, the PNG header is well known so should be easy detecting injections. It's still true, the difference in the header is impressive. Normal PNG format.



And Fake PNG header.



So here we are.. It's not so difficult understanding if an image has been compromised ! Some times some Steganographic software are more smart than others ones but it's difficult lying to hex editor. Anyway it's really different for MP3, exe and other stuff like that.

Friday, November 2, 2007

Porn to break Captchas

Via BBC (whole paper).

Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.
The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.
By getting people to type in the text the spammers can take over the accounts and use them to send junk mail.
This example shows; why are so important the security evangelists professionals people ! This technique has been introduced some years ago as you can read from the following links:
It's not a mystery, at least for security evangelists ... ... ... ... ... ... ...