Recursive hacking law
January 13th, 2009 under Articles, Digital Rights, InfoSec, Politics, rengolin. [ Comments: none ]

According to BBC, the new European strategy against cybercrime encourages the police to hack the hacker.

I just wonder if the European Union has any idea of what the word ‘hack’ really means or how gray is the area between white hats and black hats and, more importantly, that both types live on both sides of the fence! Ask a hacker to define hacking and you’ll need a comfy sofa and someone else to actually hear the whole story.

The only problem with that is that it’s recursive. Once the police (and the private sector) hack me, they become hackers themselves, allowing me to hack them, in the interest of security, based on the same law. Right?


Bad Vista
August 8th, 2008 under InfoSec, rengolin. [ Comments: 7 ]

Ooops, they did it again…

A whole new hacking style was discovered due to the complete incompetence of Microsoft’s engineers. When will they understand that security means the opposite of trust?

You can choose whatever framework you want (Java, .NET, ActiveX), build a simple program and have total control of the user’s machine in seconds. All that because our beloved Windows browsers trust Microsoft’s technology only too much. And worse, the Windows kernel trusts Microsoft’s browsers and .NET too much too!

ActiveX attacks are not new, IE has an extensive history of huge holes through their magnificent piece of crap. Rendering Windows’ security hopeless is also not new, Outlook for decades gave hackers a free feature of one-click-exploit ™ but this is completely crazy.

No matter which way you go, what framework you use and what path you take, total control of the machine is a few clicks away. Worse still, as this confidence in crap dates back from Windows 2.0, I wouldn’t be surprised if they find they can do the same on all versions of any software (ahem…) they’ve produced so far, including DOS 1.0!!

Oh well, you can’t say you didn’t know, can you?


False security
August 5th, 2008 under Computers, Digital Rights, InfoSec, OSS, rengolin. [ Comments: 2 ]

False security is worse than no security. It’s that simple.

Bruce Schneier won’t stop saying how CCTV cameras are not only plain ineffective, but they bring a false sense of security even to police forces, which won’t patrol the streets as well as they would without cameras. People won’t worry as much as they would without cameras and become easy bait for common robbers.

The same applies to computer security, of course. Building up a firewall on your computer and running an updated version of the latest anti-virus / anti-rootkit / anti-malware / anti-whatever won’t protect you from the simplest of attacks: social engineering. One email or phone call done right to the right person is enough to render the whole network inoperative for hours or to pass sensitive information to black hats to do whatever they want or need in order to hack a system. Yours or any other.

As if that were not enough, as Bruce always points out, placing cameras will make robbers attack places without cameras. In the same line, placing personal firewalls will make viruses mutate and attack in more subtle ways. Placing proxies and snooping hardware on your network will only make the real offenders take more care when they’re accessing prohibited websites or protocols, for they will anyway.

The fact is simple: You can’t ensure 100% security.

Money is hardly the issue here. Think of the amount of money the US spends on securing their own classified data. Probably more than what they spend on wars around the world. But it wasn’t enough: Gary McKinnon could get into all of that to search for UFO information (yes, I do believe him). Apple spends a whole bunch on securing their devices and Brazilian hackers unlocked it only 3 days after the new iPhone 3G was released.

DRM is the other myth: I can’t understand how people with a bit (not much) of clarity and intelligence can ever think it’s worth the shot. All major locks imposed on consumers were broken immediately after they were released. Hackers (good and bad ones) can easily break into any security scheme but the normal public will have to use the digital handcuffs. It’s not only unfair, it’s utterly stupid and pointless.

There is no sensible choice other than to agree with Richard Stallman’s philosophy: ideas should be open and free. Competitive advantage must be in what you are doing rather than in what you’ve done. It’s impossible to secure the past, let it go, walk forward, invent!

What’s the value (worth of stealing) of your previous achievements if your future ones are much better? What could a hacker possibly want with old things? If they’re hacking, it means you’re not fast enough! Keep up!!


Got the disks? Use your PSP…
November 30th, 2007 under Computers, Fun, InfoSec, rengolin. [ Comments: 1 ]

Finally some good news to crackers that got the HMRC disks, they can now easily crack the password protected spreadsheets while playing Final Fantasy!


Nvidia helps crackers?
October 24th, 2007 under InfoSec, rengolin. [ Comments: none ]

Their long support for the minority is well appreciated by us, Linux users, but now they’re indirectly supporting the bad guys as well! Not to panic though, every major breakthrough comes with a proportional cost (e.g. nuclear physics).

According to The Register, this company is using NVidia’s GPU to reduce the password cracking from months to days!

The new CUDA platform allows you to use the GPU for numeric processing, giving a big advantage over the too generic (and too complex) CPU.

Now, just between us, they can’t say they didn’t know it was going to happen, can they? No one said weak password schemes (even with a strong public encryption algorithm) were safe…


My first Linux virus?
September 7th, 2007 under InfoSec, rengolin, Unix/Linux. [ Comments: 34 ]

Wandering around my Linux filesystem I found a weird directory in /home …


drwxr-xr-x 2 root root 4096 2007-08-19 12:03 eb588afc0325b12eeb074fd6

Ok, I thought, I didn’t create that. If it’s a virus, it’s the most stupid virus in existence, but, we never know… Then I went inside to see what files it had, and found this:


$ l eb588afc0325b12eeb074fd6/
total 956
-rw-r--r-- 1 root root 865822 2007-08-02 21:41 mrt.exe._p
-rw-r--r-- 1 root root 96216 2007-08-02 21:34 mrtstub.exe
-rw-r--r-- 1 root root 45057 2007-08-19 12:03 $shtdwn$.req

Mamma mia, if it really is a virus, it’s even more stupid trying to put .exe files in my Linux box! Anyway, The Oracle would know the answer… Searching for mrtstub, the first hit is this page, directly from the enemy’s site. Not too far I found the origin:

mrtstub is part of the Malicious Software Removal Tool. It is responsible
for copying mrt.exe to the correct location and launching it.

Long story short: I have dual boot (which I never use but my son plays sometimes) and my Linux home directory is mounted using an ext3 driver for Windows. Microsoft asked me to install this Malicious Software Removal Tool, which I denied 10 times, asking every bloody time NEVER TO INSTALL IT IN THE FUTURE, until the 11th time it was my son, who wasn’t even asked but turned it off as he always does, and Microsoft stealthily installed this piece of crap on my computer.

That’s enough, I’ll spend a fiver and buy a cross-over software to run my son’s games on Linux and remove this crap out of my computer once and for all.


Dangerous Files you Have to Avoid
September 7th, 2007 under InfoSec, rvincoletto. [ Comments: none ]

Crackers like to use phishing to spread their malicious code. And actually, if you take care with just some file extensions you can avoid this dangerous code.

If you receive an e-mail attachment with the extension .cmd, .bat, .exe or .scr, don’t open it, even if it comes from a secure source. And, as email servers are blocking these attached files, crackers are using telephone promotions, your bank account and other current subjects to direct you to a malicious link where a virus is downloaded. They develop sites almost identical to the original sites, “clones”, where the cracker has total control over your acts. It’s really common to send scraps to Orkut users with these links.

Most files available to download from these websites are of the kinds mentioned in the beginning: .cmd, .bat, .scr or .exe.

The .cmd and .bat files are used to execute scripts known as batch files, to automate tasks. Crackers use this kind of file to steal user data. The .scr files are screen saver files, and most users trust this kind of file, but the virus will be activated when the screen saver is executed. The best known, and still the most used in phishing, is .exe. Users know how dangerous these files are but, most of the time, they don’t pay attention to the extension they are downloading.

The files mentioned are Trojans and keyloggers. Trojans open your machine to the cracker and keyloggers record everything you type. So, can you imagine the damage to your personal data?

Now that you know these dangerous files, what can you do to protect your data? It’s always a good idea to have a firewall and other prevention methods that can identify these links and extensions. And don’t think you will notice that your computer was infected. The cracker doesn’t want to be noticed; he will be hidden, and quiet, to get all the information he wants.

Take care with those files and links, check the extension, don’t open files from unknown sources and don’t execute anything on your computer if you are not sure what it is. It’s not that hard to be safe online.
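
A mail-gateway style check for the four extensions named in this post, as an added example that is not part of the original article: it parses a message with Python’s standard email package and flags attachments whose effective extension is blocked, including double extensions and trailing dots. The sample message, its addresses and its filenames are constructed.

```python
import email
from email import policy
from pathlib import PureWindowsPath

# The four extensions the post names as dangerous.
BLOCKED = {".cmd", ".bat", ".exe", ".scr"}


def effective_extension(filename):
    """Return the lower-cased extension Windows would act on."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = PureWindowsPath(filename).name.rstrip(". ")
    return PureWindowsPath(name).suffix.lower()


def flag_attachments(raw_message):
    """Return (filename, extension, disguised) for each blocked attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        name = part.get_filename()
        if not name:
            continue
        ext = effective_extension(name)
        if ext in BLOCKED:
            stem = PureWindowsPath(name).name.rstrip(". ")
            # "photos.jpg.scr" shows a harmless-looking inner extension.
            disguised = len(PureWindowsPath(stem).suffixes) > 1
            findings.append((name, ext, disguised))
    return findings


def _part(ctype, fname):
    # Helper for the constructed sample below (not a general MIME builder).
    return (f"--b1\nContent-Type: {ctype}\n"
            f'Content-Disposition: attachment; filename="{fname}"\n\nx\n')


# Constructed sample message: addresses and filenames are made up.
SAMPLE = (
    "From: promo@example.test\nTo: user@example.test\nSubject: You won\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nSee attached.\n"
    + _part("image/jpeg", "holiday.jpg")
    + _part("image/jpeg", "photos.jpg.scr")
    + _part("application/octet-stream", "Update.EXE.")
    + "--b1--\n"
).encode("ascii")

if __name__ == "__main__":
    for name, ext, disguised in flag_attachments(SAMPLE):
        note = " (double extension)" if disguised else ""
        print(f"BLOCK {name!r}: {ext}{note}")
```

The check looks only at the declared filename, so it complements content scanning rather than replacing it.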


Computer Forensics: Recovering Files – Part 2
June 5th, 2007 under InfoSec, Review, rvincoletto, Software, Technology. [ Comments: none ]

Last week I introduced you to Active@ File Recovery as a useful computer forensics tool and file recovery software.

Today, we go a bit further in Active@ File Recovery usage.

A few tips when using Active@ File Recovery to recover your lost files:

  1. Before installing Active@ File Recovery for Windows, it’s a good idea to create a Recovery Point so that, if you don’t like the software or it doesn’t work properly, you can easily restore your system to the state it was in before you installed Active@ File Recovery.
     – Actually, it’s a good idea to set up a Recovery Point for Windows every time you install any software on your Windows system. It will provide the basis for recovery if and when needed.
     – A Recovery Point is the basis that allows you to undo all changes made to your system and recover all your configurations.
  2. Try to use Active@ File Recovery without installing it, so there’s no risk of overwriting your files.
  3. Install Active@ File Recovery on a different hard drive or partition from the affected one, to avoid writing over data that you wish to recover.
  4. After installing Active@ File Recovery, you can open it and navigate just like you do in Windows Explorer.
  5. Go to the file or folder you want to recover and choose the recover option.
  6. When you choose this option, it will open a new window asking where you want to place the recovered file or folder.
  7. If you choose to save to the original place, the system will warn you to save it in another place to avoid overwriting your file or folder. In that case, a future recovery operation would be impossible.

But remember, not every lost file can be recovered. You have to think about the following possibilities:

  • We have to assume that the file entry still exists, I mean, that it was not overwritten. The more files that have been created on your HD, the less chance that the space for that deleted file has been used for other entries.
  • We assume that the file entry is more or less safe to point to the proper place where the file clusters are located. If the operating system has damaged file entries right after deletion, the first data cluster becomes invalid and further entry restoration will not be possible.

So, as general advice, do not write anything to the drive containing your deleted data and do not try to recover your files to the original drive.

Sponsored by Active@ File Recovery


How to keep your Internet Life Browsing in a secure way
June 4th, 2007 under InfoSec, rvincoletto, Technology. [ Comments: 3 ]

First of all, if you thought Internet Explorer and Firefox were your only options, you were mistaken. This section reviews Internet Explorer and Firefox basics and introduces other viable Web browser options.

Microsoft Internet Explorer is a common target for browser hijacking. Internet Explorer 7.0 provided a significant upgrade to Microsoft browser security but it still has flaws, like the one discovered by an Israeli vulnerability researcher. Aviv Raff warned in a posting on his blog Wednesday that attackers could exploit a new flaw in Internet Explorer 7 (IE 7) to launch phishing expeditions. Raff said IE 7 running on Windows XP and Vista is susceptible to cross-site scripting attacks.

So, you don’t have options and you have to use IE, or maybe, for some weird reason, you just like it.

IE has the ability to provide secure browsing, but it’s the responsibility of the organization or the user to configure it.
Yes, you have to do your homework. You can start by reading these How-to articles from Microsoft.

If you are tired of patching your IE browsers every week (at least), you may consider migrating to Mozilla Firefox, a popular third-party browser that is generally thought to be more secure than IE. However, Firefox is not immune to attacks, and as the browser increases in popularity, it’s likely to become a bigger target for attackers.

In this link you can find a list of security tips for Firefox users, but it’s great reading for other users as well.

Not satisfied with Firefox or IE? Yes, there are other options, such as Opera, Safari, Konqueror, Lynx (this one just for grown ones) and others. They all have their pros and cons; visit their webpages and learn what you should expect if you’re not using IE or Firefox.

And remember: on the second Tuesday of every month, Microsoft releases hot fixes for its newest flaws which almost invariably include Internet Explorer patches. Yes, at least twice a month you will have to patch your IE.

Other Web browsers of your choice will release their patches eventually.


How to create a security policy
March 18th, 2007 under InfoSec, rvincoletto, Technology. [ Comments: 1 ]

Technology helps us to solve problems, but it is vulnerable to several types of threats. Any kind of loss or unavailability could be too dangerous for small and big companies. So, information security is a basic investment.

But, how do you decide what kind of investments are necessary?

First of all, you must know the cost of your business’ downtime to protect it against failures.

Planning
A deep investigation of users’ access to the internet together with your data security needs will help you to begin your security policy.

  1. What do you want to protect?
  2. What are the risks?
  3. What parts of your business are relevant?
  4. What do your users expect from their computers? What do they need for their jobs?


Defining

Now, you can start writing your security policy. The best way to develop a policy is to work from an example policy. You can find several templates of security policies on the internet. You must define the mission of information security in your company: scope, responsibilities, enforcement, revision.

You need a Continuity Plan, which will involve a lot of areas in your company, such as technology, electric power, engineering, staff planning, communication, etc. Your users must know the Security Policy and they need to be trained constantly.
Processes must be reviewed on a constant basis, to ensure that you have the latest and most up-to-date version of a solution.

Remember that threats and vulnerabilities are constantly evolving.

Implementing

So, you make business decisions and you know how important it is to protect your computer data. Security systems are the implementation of those decisions. A good security system starts with careful planning and understanding of the company’s business, not robust hardware and software.

Security policies are strategic documents that guide you on security. If you don’t understand your business needs, it will be difficult to implement and configure those security systems.

Remember that a firewall security policy cannot exist alone. It must be accompanied by your company board’s support, a policy that establishes how to maintain physical security, staff training and awareness, and other specific security controls.

Using

A firewall stands between your protected network and the public internet. Its main function is to examine traffic coming from the public side to the private side, to make sure it reflects your security policies before permitting that traffic to pass through to your private network.

Two things you must think about when implementing firewalls:

1. Acquire the right firewall for your company

There are lots of firewalls on the market, but without a solid and trustworthy host, your firewall will be worthless.

2. Configure your firewall to meet your security policies

You could create rules that allow your users to access local web servers but that prevent employees from accessing local systems such as financial, development and human resources.

When you define a strong security policy that balances your users’ needs with your business needs, you will be able to find the right combination of IT resources to implement it. Keep in mind that firewall rules come from your business needs.



License
Creative Commons License
Disclaimer

The information in this weblog is provided “AS IS” with no warranties, and confers no rights.

This weblog does not represent the thoughts, intentions, plans or strategies of our employers. It is solely our opinion.

Feel free to challenge and disagree, and do not take any of it personally. It is not intended to harm or offend.

We will easily back down on our strong opinions by presentation of facts and proofs, not beliefs or myths. Be sensible.
