Archive for the ‘Security/Exploits’ Category

Two charged with data theft from June ’10s AT&T hack…

January 19, 2011 2 comments

Reported today by infosecurity-us and others, the two men (Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, California) who had fleeting fame after publishing insecurities in the AT&T iPad website in June 2010 have been arrested and charged with one count of conspiracy to access a computer without authorization, and one count of fraud in connection with personal information.  Each count carries a maximum penalty of five years in prison and a fine of $250,000.

You can find the formal press release on the Justice.gov site.

The original hack involved farming the subscriber details off AT&T’s site by presenting it with random ID codes. Unfortunately, while demonstrating a weakness in a site is often not prosecuted, the pair went on to retrieve 120,000 subscriber details and then passed them on to Gawker, who published a redacted list amid much fanfare. This distribution of personal data will probably get them into a lot of hot water. Read more…

McAf.ee Launched!

September 21, 2010 1 comment

A pet project of mine for a couple of months now, McAfee’s secure-short URL service went through a viral launch last week and has taken flight!

Leveraging McAfee Global Threat Intelligence, McAf.ee lets you create short URLs which are checked against our databases of known spammy, dangerous, malware-hosting, bot-control and similar sites prior to being shown. A while ago there was a glut of dangerous short links circulating around Twitter, Facebook etc. – this is something McAfee can proactively do to help offer a little more safety in our online lives.

You can create a short URL for any site, but when someone clicks on it, if the site is flagged as dangerous we throw up a warning page to give users a chance to back out before visiting.

This service was created by the McAfee Office of the CTO, which I am part of – the team is charged with looking into and creating innovative test projects, which, if successful, can be rolled into the more traditional McAfee Business Units. It means we have a little more freedom to go out on a limb and try new ideas out.

You can find more information, and of course comment and add feature suggestions, or report issues on our forum http://mcaf.ee/about

I’d love to have your feedback, and, as of now I’m proud to say you can find my blog at http://mcaf.ee/simon (smile!).

Update – Larry Magid from CNET News called me to interview me about the service; he was very gracious and published a great writeup of the service. He also recorded the interview and made a podcast available. Boy, I hate hearing recordings of myself.

I got a virus in my email? Me?!?…

April 27, 2010 Leave a comment

Today I received a very pleasant email from the “Student Support Center” of, I guess, Hotmail? It seems I got a virus in my Helpdesk.edu account (funny, I don’t remember signing up for it, but hey, I must have, eh?).

If I respond to them with my user name and password, they will fix it for me. Thankfully, the password will be encrypted somehow magically when I reply to them.

Now, if I could only work out what my user name is…

Passware release Bitlocker/Truecrypt Decryption Tool

April 5, 2010 Leave a comment

Following on from my posts “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited”, it recently came to my attention that Passware, Inc., a feisty California company, has released a version of their forensic software which will decrypt Bitlocker and TrueCrypt protected hard disks via the classic Firewire vulnerabilities.

A full write-up can be found on the Passware site, but simply, given a machine that’s running, but has encrypted drives (for example one using Bitlocker in TPM-only mode, or a machine which is suspended, not hibernated). As to how to do it, well they have implemented the exploit in a very neat and usable way:

Read more…

Smart power meters easily hacked…

March 29, 2010 Leave a comment

Recently Jordan Robertson reported that serious flaws had been found in so-called “Smart” power meters which are being rolled out slowly by the utilities companies.

These meters, designed to help individuals and companies more effectively manage their electricity usage, were found to have serious security flaws which could allow hackers not only to tamper with your supply, a new twist on the “Denial of Service” attack, but also to fool the utility provider into thinking you’re using more power than you actually are.

TPM “Undressed..”

February 16, 2010 7 comments

Recently it was announced with much fanfare that the now-ubiquitous “TPM” chip found in most modern computers had been hacked. This obviously unnerved a lot of people, especially those hanging the safety of their secrets on free solutions like Microsoft Bitlocker which use the TPM to provide convenience to their users.

The attack, invented about 60 years ago but elegantly implemented by Christopher Tarnovsky of Flylogic, involved attacking the hardware of the chip itself by uncasing it and probing its signal pathways – something that seems difficult until you read their blog and realize they do it every day.

Chris used a combination of off-the-shelf acids and rust-remover solutions to dissolve first the outer casing of the chip, then the wire grid tamper-proofing shields inside.

Once “undressed” he was able to probe and monitor what was going on inside anonymously. Read more…

“Cheap” Secure USB Sticks, you get what you pay for?

January 6, 2010 5 comments

Recently a whole slew of news sites announced a newly discovered vulnerability (care of the German security firm SySS) on a range of “supposedly” secure consumer USB sticks.

These models from SanDisk, Kingston and Verbatim were apparently easy to defeat, and the data could be retrieved without knowing the user’s password or having any prior knowledge of, or contact with, the stick.

The exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, ALL sticks use the same auth key. By simply sending this known ack key to the stick, you can unlock it, or any other stick.

Interestingly, some of these insecure devices had been through FIPS 140-2 Level 2 security certification, so should really have been immune to this kind of attack.

Read more…