Tuesday, May 27, 2008

Working Hard

Hi Folks, I'm sorry for the long delay between my posts. The frequency has been very low and I guess it will stay like that for a while. During this time I need to work a lot, so... probably my blog will slow down for some months. Anyway, today I wanna point out the new 3G iPhone. Everybody knows that I like the iPhone and to me this news is pretty awesome: three new iPhone 3G colors! Look at that ...



Friday, May 16, 2008

Debian OpenSSL Fiasco.

I know, everybody knows about the "Debian Big Fiasco" discovered by Luciano Bello; it reached the whole world in a few minutes and every network administrator has already changed their own SSL certificate. For this reason I wanna say nothing about that (and it's better, believe me...). I just wanna show these amazing comics, so we never forget the fact.







Thursday, May 15, 2008

Client FingerPrint.

Leaving behind the classical server-attack paradigms, the newest attack trend is moving toward client-side attacks. In my opinion it makes sense, because nowadays the client side is more complicated and therefore easier to exploit. Computec has figured out this problem and has started a really interesting project called "Advanced Web Browser Fingerprinting" (of course :).





The browserrecon project is doing some research in the field of web client fingerprinting. The goal is the highly accurate identification of given web browser implementations. This became important within professional vulnerability analysis (e.g. drive-by pharming and phishing).

Besides the discussion of different approaches and the documentation of gathered results, an implementation for automated analysis is also provided. This software shall improve the easiness and efficiency of this kind of enumeration. Traditional approaches known from HTTP fingerprinting (e.g. header-order) are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web client fingerprinting. Some basics of application fingerprinting were already discussed in the book Die Kunst des Penetration Testing (Chapter 9.3, HTTP-Fingerprinting, pp. 530-550).




One of its most interesting features is how quick and easy it is to integrate into your own code. It is written in PHP, so it's enough to copy the browserrecon scripts to your web server; for example, you might extract the downloaded archive into the directory /browserrecon. Afterwards you have to include the scripts. In PHP you can use the following call:



Afterwards you are able to access all functions of browserrecon within your application. To run an analysis of the client while it is accessing the site you can use the following call:



This will initiate the fingerprinting of the client based on the headers sent when requesting the given web document. Afterwards the result of the analysis is echoed. In this case you are able to show your visitors that you are able to determine their client software accurately.
You may download the script files and also the Database files from here.
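
As an added illustration (not code from the original post or from browserrecon), the header-order approach mentioned above can be used defensively to flag a client whose User-Agent claim disagrees with the order of its request headers. The signature table, `UA_HINTS`, the function names and the sample request are constructed for this example.

```python
from difflib import SequenceMatcher

# Constructed, illustrative header-order signatures (lower-cased names).
# They are NOT taken from browserrecon's database.
SIGNATURES = {
    "firefox-like": ["host", "user-agent", "accept", "accept-language",
                     "accept-encoding", "accept-charset", "keep-alive",
                     "connection"],
    "msie-like": ["accept", "accept-language", "ua-cpu", "accept-encoding",
                  "user-agent", "host", "connection"],
    "curl-like": ["user-agent", "host", "accept"],
}
# Substring of the User-Agent value -> family the client claims to be.
UA_HINTS = {"firefox": "firefox-like", "msie": "msie-like", "curl": "curl-like"}


def parse_headers(raw: bytes):
    """Return [(name, value), ...] in wire order, skipping the request line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def fingerprint(raw: bytes):
    """Match header order against SIGNATURES and compare with the UA claim."""
    pairs = parse_headers(raw)
    order = [name for name, _ in pairs]
    scores = {label: SequenceMatcher(None, order, sig, autojunk=False).ratio()
              for label, sig in SIGNATURES.items()}
    best = max(scores, key=scores.get)
    ua = next((v for n, v in pairs if n == "user-agent"), "").lower()
    claimed = next((fam for hint, fam in UA_HINTS.items() if hint in ua), None)
    return {"order_match": best, "score": round(scores[best], 2),
            "claimed": claimed,
            "spoof_suspected": claimed is not None and claimed != best}


# Constructed sample: IE User-Agent string sent with a curl-style header order.
SAMPLE_SPOOFED = (b"GET / HTTP/1.1\r\n"
                  b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"
                  b"Host: www.example.com\r\n"
                  b"Accept: */*\r\n\r\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_SPOOFED))
```

Header order is only one signal: proxies and browser extensions can add or reorder headers, so a mismatch is a hint to look closer, not proof.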

Tuesday, May 13, 2008

Funny Italian Signs.

After my last motor-weekend I discovered two funny signs around Umbria.
The first one shows an old man riding his bike; it looks like an "old man biking ban", which is really funny:




The second one shows a man eating on a scale; it seems that eating on scales is forbidden in this place?




I know, sometimes Italian people are crazy and maybe for that reason extremely original! I like Italy for that too.

Saturday, May 10, 2008

Microsoft CAPTCHA broken.

Yep, after Yahoo! and Google, Microsoft's CAPTCHA has been broken too! A report on the CAPTCHA cracking research has been released by Newcastle University.




The researchers achieved a 92 per cent success rate in cracking Microsoft CAPTCHAs, which mix distorted characters with randomly placed arcs. The technique employs a sequence of simple graphical manipulations based on the properties of the CAPTCHAs, including contrast enhancement, transverse histogram analysis for character segmentation, pixel counting for arc elimination and colour filling for character boundary detection. A demonstration written in non-optimised Java took less than 100ms per CAPTCHA on a 1.8GHz PC. 




Thursday, May 8, 2008

Java on iPhone, it's reality!

Finally Java technology embraces the iPhone!
Jonathan Schwartz, CEO and President of Sun Microsystems, said that Java is ready for iPhone.


There's just one obstacle, presented by Apple's EULA, but Jonathan is pretty confident of an early solution. Personally I think this is great news: after that, every Java application might be reused on the Apple iPhone, meeting reusability and modularity criteria.

rtpbreak: reconstructing RTP sessions.

Hi folks, just a quick post to point out rtpbreak.

With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn't require the presence of RTCP packets and works independently from the signaling protocol used (SIP, H.323, SCCP, ...). The input is a sequence of packets, the output is a set of files you can use as input for other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed, ...). It also supports wireless (AP_DLT_IEEE802_11) networks. This is a list of scenarios where rtpbreak is a good choice:
reconstruct any RTP stream with an unknown or unsupported signaling protocol
reconstruct any RTP stream in wireless networks, while doing channel hopping (VoIP activity detector)
reconstruct and decode any RTP stream in batch mode (with sox, asterisk, ...)
reconstruct any already existing RTP stream
reorder the packets of any RTP stream for later analysis (with tshark, wireshark, ...)
build a tiny wireless VoIP tapping system in a single chip Linux unit
build a complete VoIP tapping system (rtpbreak would be just the RTP dissector module!)
This project is released under the GPL version 2 license.

You'll find it here. To me, it's a very nice tool, fast and easy to use. Good work Michele!
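
An added example, not rtpbreak's code: RTP streams can be recognised without any signaling because the 12-byte fixed header can be checked on its own, and a real stream keeps one SSRC while its sequence number advances by one per packet. The function names, `MIN_RUN` and the sample packets are assumptions constructed for this example.

```python
import struct
from collections import defaultdict

MIN_RUN = 3  # assumption: in-order packets required before reporting a stream

def parse_rtp(payload: bytes):
    """Return (payload_type, seq, ssrc), or None if the bytes are not RTP-shaped."""
    if len(payload) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    pt = b1 & 0x7F
    if b0 >> 6 != 2 or 72 <= pt <= 76:        # version must be 2; 72-76 is RTCP
        return None
    if len(payload) < 12 + 4 * (b0 & 0x0F):   # declared CSRC list must fit
        return None
    return pt, seq, ssrc

def find_streams(packets):
    """packets: iterable of (src, dst, udp_payload); returns {flow: payload_type}."""
    last_seq, run, found = {}, defaultdict(int), {}
    for src, dst, payload in packets:
        hdr = parse_rtp(payload)
        if hdr is None:
            continue
        pt, seq, ssrc = hdr
        key = (src, dst, ssrc)
        prev = last_seq.get(key)
        # A real stream advances seq by one (mod 2**16); random data rarely does.
        in_order = prev is not None and seq == (prev + 1) & 0xFFFF
        run[key] = run[key] + 1 if in_order else 1
        last_seq[key] = seq
        if run[key] >= MIN_RUN:
            found[key] = pt
    return found

def make_rtp(seq, ssrc, pt=0):
    # Constructed packet: version 2, no CSRC, 160 zero bytes as payload.
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160 & 0xFFFFFFFF, ssrc) + bytes(160)

# Constructed capture: one voice flow (seq wraps 65535 -> 0) among unrelated UDP.
A, B = ("10.0.0.5", 40000), ("10.0.0.9", 40002)
SAMPLE = [
    (A, B, make_rtp(65534, 0xDEADBEEF)),
    (("10.0.0.7", 5353), ("10.0.0.9", 53), b"\x12\x34\x01\x00" + bytes(24)),
    (A, B, make_rtp(65535, 0xDEADBEEF)),
    (("10.0.0.7", 1234), ("10.0.0.9", 9999), b"\x80" + bytes(11)),
    (A, B, make_rtp(0, 0xDEADBEEF)),
]
```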

Monday, May 5, 2008

MAMPU's SSO With No Password.

Today, surfing the web, I read something about MAMPU, which stands for Malaysia Administrative Modernisation and Management Planning Unit. Under the "principal" domain (mampu.gov.my) you can find a subdomain called SSO. I really have no idea about it, and I really have no idea what is written on the project's home page. What I wanna point out is the incredible error which comes out of a normal GET request to the site http://sso.mampu.gov.my/. Here it is!



The MySQL server runs on localhost and the root password is not used! That means the server's administrator has not configured the machine well; probably the internal SQL server could be running an AF_UNIX socket open to external communications. If that's true, everybody can access the database.

I'm scared of this kind of system administrator.

Would You Like to Elect Your President Via SMS?

Hi Folks, would you like to elect your president via SMS? :) Does it sound crazy? Nope, it seems true; thanks to Marco Prandini I read this amazing article.



According to a recent, sensational survey from Samsung Mobile, 61 percent of lazy, distracted, and impossibly ignorant cellphone users over the age 18 say they would be comfortable casting their vote for President of the United States via a text message. Meanwhile, the totally serious and meaningful survey found that eight in ten (or 80 percent) of teens under the legal voting age would use their mobile devices to cast a ballot in the election. Additionally, Samsung Mobile discovered that 90 percent of cellphone users would like an ice cream cone, while another 87 percent would like an ice cream cone only after eating a quarter-pounder with cheese. Soon Samsung Mobile hopes to determine what percentage, if any, of the people surveyed know who is running for the office of president.

Via engadget

Hibernation Attack With SandMan.

Hi folks, today I discovered, for the first time, this kind of tool, able to read inside hiberfil.sys: SandMan. Hibernation is a fairly new Windows feature which is able to freeze everything inside the hiberfil file.


This file contains all the physical memory saved by the Operating System and is meant to be restored the next time the user powers on the computer. Live forensics analysis uses a physical memory dump to recover information on the targeted machine.

One of the main problems is obtaining a readable physical memory dump; hibernation is an efficient way to save and load physical memory. Hibernation analysis has notable advantages. System activity is totally frozen, therefore coherent data is acquired and no software tool is able to block the analysis. The system is left perfectly functional after analysis, with no side effects.

The hibernation file opens two valuable doors:

The first one is forensics analysis for defensive computing. Hibernation is an efficient and easy way to get a physical memory dump. But the main issue about it was: How to read the hiberfil.sys? This is why SandMan was born.

The second one is a new concept we will be introducing and called “offensics” which is a portmanteau from “offensive” and “forensics”. If we can read hiberfil.sys, can we rewrite it? The answer is: Yes, with SandMan you can.

SandMan is a C library that aims to read the hibernation file, regardless of Windows version. Thus, it makes it possible to do live forensics analysis on the dumped file.


To read more about that, here is the main white paper.
If you wanna try it, you can download the entire framework here.