Tag Archive for Hack

| March 26, 2011
Comments Off on iPad Notes

iPad Notes

Researchers Outline iOS Attack to Access Stored Passwords in Six Minutes

Researchers Outline iOS Attack to Access Stored Passwords in Six MinutesFierceCIO reports that researchers from Germany’s Fraunhofer Institute for Secure Information Technology say (PDF) they can break into an Apple (AAPL) iOS device (iPhone or iPad) to extract stored passwords in just six minutes. The attack requires physical access to the iOS device. Once boosted, large swaths of the iOS file system could be swiftly pried open by hackers.

Data that can be exploited include account passwords for MS Exchange ActiveSync, LDAP, VPN, and Wi-Fi. A successful attack starts with a jailbreak, followed by installing an SSH server to load a script to get access to the keychain entries which contain the passwords.

Based on this weakness, the author says that iOS needs work, “… a proper implementation of security using best practices could require a rewriting of key security components in Apple’s iOS.” He concludes that “… organizations deploying the iOS hardware at the moment might find it prudent to perform encryption at the app level instead of relying on the iPhone’s or iPad’s broken passphrase system.”

iPhone Password Hack Shows Flawed Security Model

iPhone Password Hack Shows Flawed Security ModelArs Technica has a different article on the latest iOS vulnerability. Ars argues that the attack isn’t entirely new, and is actually a product of Apple’s “DRM approach” to security. Forensics expert Jonathan Zdziarski told Ars that similar exploits have been around since Apple introduced the iPhone 3G. According to Mr. Zdziarski,

The real problem is that Apple hasn’t yet fully implemented a truly secure environment for iOS. Apple has … been relying on their DRM know-how, and just erasing the label that says ‘DRM’ and calling it ‘security. The problem with this is that DRM only makes things a little more difficult for hackers.”

“Real security relies on the strength of the key, and the secrecy of the key,” Mr. Zdziarski continued. “And as long as the keys are all stored on the iPhone and don’t rely on a user password, they can easily be compromised.”

The Ars article says that while Apple has continually improved the iDevices information security, they all have the same flaws. Mr. Zdziarski told Ars he believes Apple is pushing to make iOS devices compliant with the FIPS 140-2 (PDF) security standards. However, he warns that. “… at the end of the day … Apple will need to abandon their DRM approach if they want true security, as opposed to just some fancy marketing strategies.”

VMware Unleashes Virtual Desktops for Apple iPad

VMware Unleashes Virtual Desktops for Apple iPadNetwork World is reporting that VMware (VMW) has released VMware View Client for iPad to the Apple App Store. “We’ve been working on it since the middle of last year,” says Pat Lee, director of end-user computing clients at VMware.

VMware said it had trouble making Windows work as a virtual desktop on the iPad. “Windows really isn’t touch-savvy,” Lee says. VMware tried to adapt the iPad experience to Windows. “We spent a lot of time building custom gestures to make sure it blends into the iOS experience,” Lee says.

VMware created a virtual trackpad that can appear on the screen. “We want it to be as logical as possible,” Lee says. VMware promised “instant-on” access to Windows desktops from the iPad, as well as support for Bluetooth keyboards. VMware is using  PCoIP to deliver the remote desktops and says the client will offer a secure connection to server-hosted desktops.  The View client for iPad will be free for existing users, who are charged either $150 or $250 per seat.

The VMware announcement comes after Citrix (CTXS)  released Receiver for iPad, and Parallels developed Parallel’s Mobile, an iPad desktop application.

Contracts HD for iPad: Give Contracts the Finger

Contracts HD for iPad: Give Contracts the FingerHat tip to AppScout for finding Contracts HD for iPad. They say that it is one of those apps that is breathing life into the existence and usefulness of the tablet device. Contracts HD is designed to allow any Apple (AAPL) iPad user to create, collaborate, sign, and email completed contracts using iPad’s dynamic touch-screen interface. The app also provides a database of contract templates for which anyone can add an addendum to all existing contracts, auto-fill appropriate fields within the contract with your exact information, and allows both parties to sign contracts safely and securely by using a fingertip.

Once the contract is signed, and all parties have received their PDF copies via email, you can save contracts to a secure archive for easy access later. Contracts HD also has a little brother app for iPhone that enables you to synchronize contracts between devices.  Contracts HD for iPad is $9.99 in the iTunes App Store ($4.99 for the iPhone version).

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| December 11, 2010
Comments Off on Hackers Give Microsoft their code

Hackers Give Microsoft their code

Hackers Give Microsoft their codeWhen hackers crash their systems while developing viruses, the code is often sent directly to Microsoft (MSFT), according to one of its senior security architects, Rocky Heckman recently told ZDNet Australia.

According to Heckman, when the hacker’s system crashes in Windows, as with all typical Windows crashes, the user would be prompted to send the error details — including the malicious code — to Microsoft. The funny thing is that many say yes Heckman told ZDNet Australia. “People have sent us their virus code when they’re trying to develop their virus and they keep crashing their systems,” Heckman said. “It’s amazing how much stuff we get.

At a Microsoft Tech.Ed 2010 conference session on hacking Heckman detailed to the delegates the top five hacking methods and the best methods for developers to avoid falling victim to them. According to Heckman, based on the number of attacks on Microsoft’s website, the company was only too familiar with what types of attacks were most popular.

Script kiddieThe first thing [script kiddies] do is fire off all these attacks at Microsoft.com,” he said. “On average we get attacked between 7000 and 9000 times per second at Microsoft.com,” said the senior security architect. “I think overall we’ve done pretty good, even when MafiaBoy took down half the Internet, you know, Amazon and eBay and that, we didn’t go down, we were still up,” he said.

Heckman told ZDNet Australia there were two reasons why the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years. “One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening,” he said. Heckman said that developers should consider all data input by a user as harmful until proven otherwise.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| November 11, 2009
Comments Off on Microsoft Cop Tool Leaked

Microsoft Cop Tool Leaked

Microsoft Cop Tool LeakedI recently wrote about Microsoft’s COFEE computer forensics tool here. Three weeks later, Yobie Benjamin at SFGate writes that Microsoft COFEE, “One of the most important tools in computer forensics and law enforcement,” was apparently uploaded to bit torrent site What.CD on November 09, 2009, and is now available on the Internet.

What.CD management issued a statement, “Suddenly, we were forced to take a real look at the program, its source, and the potential impact on the site and security of our users and staff… And when we did, we didn’t like what came of it. So, a decision was made. The torrent was removed (and it is not to be uploaded here again).

Microsoft logoDarkReading says that COFEE was so sought after in the computer underground that an enormous bounty of 1.6 terabytes of capacity was offered to the first one who would upload the software. Robert Graham on DarkReading explains that the version on COFEE om BitTorrent has only Microsoft tools, so I don’t know for certain what other tools it might run. Yet similar forensics toolkits all run the same sorts of programs. They run standard tools for grabbing the browser history (from Firefox and IE). The tools can run versions of “pwdump” to grab the password hashes for offline cracking. The browser cache can be captured by these types of tools. They look for recently changed files. They might scour the hard drive and take an MD5 hash of all the files. Similar tools look for unique device IDs, such as your MAC address or built-in hard drive ID.

Steve Ballmer is mad

Who took my COFEE

One of the worries is that now that the tool is public, criminals can now defend against it. This is nonsense according to Graham. Police forensics are already well-known, and criminals already know how to defend against them. Graham, concludes that tools like COFEE don’t do anything extra that is unknown or secret. What makes them dangerous (to criminals) is that law enforcement agents can run them without much training, in an automated fashion.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| August 28, 2009
Comments Off on WPA Gone in 60 Seconds

WPA Gone in 60 Seconds

WPA Gone in 60 SecondsJapanese researchers have identified a WPA hack that could give hackers a way to read encrypted Wi-Fi traffic  in less than 1 minute. Toshihiro Ohigashi (Hiroshima University) and Masakatu Morii (Kobe University) presented a way to break the WPA (Wi-Fi Protected Access) encryption system at the Joint Workshop on Information Security. The researchers outlined their work in a paper called “A Practical Message Falsication Attack on WPA” on August 7, 2009.

The new attack builds on 2008 research from Darmstadt University of Technology graduate students Martin Beck and Erik Tews who proved that WPA Temporal Key Integrity Protocol (TKIP) could be attacked. The Beck-Tews attack only worked on short packets in a WPA implementation that supported 802.11 quality of service (QOS) features and took between 12 and 15 minutes to work.

The new threat uses “man in the middle” (MITM) attacks on WPA TKIP systems. The MITM attack uses the “chopchop” attack on a short packet (like ARP broadcasts), decipher its 64-bit Message Integrity Code (MIC), and can then craft whatever packet it wants. The new packet is coded with the proper checksums and passed along to the access point, which should accept it as genuine. Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated told IDGNews, “They took this stuff which was fairly theoretical and they’ve made it much more practical.”

Both attacks work only on WPA systems that use the TKIP algorithm. The new attack does not work on newer WPA2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, said that people should now use WPA2. She told IDGNews, WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago.”

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, Robert Graham, CEO of Errata Security told ars technica. He continues, the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. “It’s not as bad as WEP, but it’s also certainly bad.”

rb-

This is only an issue if the WLAN is secured at all.  Motorola published a report in April 2009  that says 64% of companies are neglecting WLAN security. The report claims that only 47% of companies are using Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) encryption on their wireless networks.

These attacks highlight the weaknesses of TKIP-based WLAN encryption. WPA TKIP was developed to fix the worst of the security holes in the first Wi-Fi encryption protocol, WEP. WI-Fi-certified products have had to support WPA2 since March 2006 . Users should move to AES-CCMP which requires WPA2 Personal for home and small office networks or WPA2 Enterprise for larger networks.

Using AES-CCMP may require that some network equipment installed before 2003 be reviewed as AES supports key lengths up to 256 bits, which may not be compatible with older hardware. Any remaining equipment of this vintage may need to be upgraded to newer Wi-Fi adapters, switched to Ethernet only, or retired. WPA2 has not shown any vulnerabilities to date. There is no real good reason to try to secure your WLAN with WPA-TKIP anymore.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: wi-fi | Tags: , , , , , , , , , , , , ,
| July 18, 2009
Comments Off on Weak PBX Passwords Cost $55 Million

Weak PBX Passwords Cost $55 Million

Weak PBX Passwords Cost $55 MillionThe U.S. Justice Department unsealed indictments against three Filipino residents on 06-12-2009 for an international PBX hacking scheme. According to Security Fix, the three are accused of hacking into thousands of private telephone networks in the U.S. and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls and used the profits to help finance terrorist groups in Southeast Asia.

broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwordsThe U.S. government alleges that the people arrested in the Philippines were responsible for hacking private branch exchange (PBX) systems and voice mail systems owned by more than 2,500 companies worldwide. The indictments allege that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwords on the systems. According to Erez Liebermann,  assistant U.S. attorney for New Jersey, “The default passwords were left open in most of these PBX systems.”

The government charges that Italian call center operators paid the hackers $100 for each hacked PBX system they found. The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud. The case was filed in the U.S. District Court of New Jersey, the home of long-distance provider AT&T. The documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes in unauthorized international phone calls, or $55 million worth of telephone charges.

According to Reuters the defendants allegedly sold access to the compromised systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern Italy. According to the AP and Carlo De Stefano, head of Italy’s anti-terrorism police unit, much of the proceeds were sent to the Philippines and may have been forwarded to Islamic extremist groups in the region, including Al-Qaeda-linked Abu Sayyaf. “There are strong suspicions and some clues, but nothing concrete,” De Stefano said.

Rb-

No matter the system (TCM, VoIP, SIP, T’s) sloppy installation practices can make any type of system vulnerable. That’s why I always include a requirement that all manufacturer and VAR account passwords be changed before the equipment is brought on-site and that they are changed by the Owner at the time of acceptance of the system. I have started to back this up by tying this requirement to their PLM bond requirements.

We also recommend to our clients that they disable international calling by default on their system and only allow it as required, based on the concept of least privilege.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
« Older Entries   Recent Entries »