Archive for Security

A Device to Grab Data From Cell Phones

// September 2nd, 2008 // No Comments » // Security, Techie

Apparently there is a quick, simple, and undetectable way to grab all of your cellphone data. CNet reports on the Cellular Seizure Investigation (CSI) Stick, developed for law enforcement but available to the public, which ‘connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption. This may be especially troublesome for corporate employees and those that work for government agencies.’ I use mobile knox, a secure storage application, for my important data, but I would be very upset if somebody grabbed my telephone list, SMS, or anything else from my locked phone.

Bank customer data sold on eBay

// August 27th, 2008 // 2 Comments » // Security

Walpurgiss tips a BBC News story about a man in Oxford who paid $140 for a computer on eBay, and was shocked to find on it bank records of several million customers of the Royal Bank of Scotland, its subsidiary Natwest, and one other bank.

“Mr. Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply. ‘The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find…,’ he said.”

PS: related joke.

Man: “Look, I found eight million customer records on here!”

Bank tech: “That’s weird, we always stored ten million records in those databases…”

Man: “Huh, no idea what happened to those other two million.”

Internet-connected coffee maker has security holes

// June 18th, 2008 // No Comments » // Security

($2,000 Jura F90 coffee maker)

An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.

Once connected to the Internet, the high-end coffee maker, which retails for nearly US$2,000 on Amazon, lets you do things like set the strength of your coffee and get remote diagnostic help over the Internet without having to send the appliance in for service. Wright posted the information on the vulnerabilities, and the fact that there is no patch available yet, to the BugTraq security e-mail list on Tuesday.

A U.S.-based public relations representative for the coffee maker said she would try to reach spokespeople in the Switzerland headquarters for comment.

The threat hasn’t kept Wright awake at night, although the coffee does, he said in an interview with CNET News.com at 2:30 Wednesday morning Sydney time.

“I don’t know if many people would target this particular vulnerability because there probably are not a lot of coffee makers at the moment that are Internet-connected, and in my case it’s behind a firewall,” he said.

However, Internet-connected appliances are the wave of the future. There is already an Internet-connected refrigerator, at least one prototype of a Web-enabled oven, and pilot tests for dryers and water heaters.

Eventually “you’ll be able to turn on your oven with your mobile phone” and a malicious hacker could wind up burning the house down, Wright said.

New virus that encrypts files

// June 6th, 2008 // 11 Comments » // Security

Kaspersky Lab has reported a new variant of the Gpcode virus, which encrypts your data, named Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with extensions such as .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, and .h using the RSA encryption algorithm with a 1024-bit key.
The previous variant encrypted with a 660-bit key. Cracking a file encrypted with such a 660-bit key reportedly takes a computer with a 2.2 GHz processor 30 years of work.
Kaspersky's virus analysts nevertheless reportedly managed to crack the private key of the previous variant as a result of in-depth cryptographic analysis.
The author of Gpcode worked for 2 years to fix the flaws and improve the virus, and it now encrypts with 1024 bits.

This time the Kaspersky research team reportedly cannot decrypt the files that Gpcode.ak has encrypted with 1024 bits. As things stand right now, the encrypted files can only be decrypted with the private key held by the virus author.

After encrypting files, the Gpcode.ak virus changes their extension to ._CRYPT and also creates a !_READ_ME_!.txt file in the same folder; that file contains the following note offering to sell a decryptor:

«Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com»

Also, after GPcode finishes encrypting the files, it displays the following screen.

In this case, Kaspersky researchers recommend that victims try to contact them using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.

Kaspersky Lab offers some help:

Contact us by email at stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well as everything you did on the computer in the 5 minutes before the machine was infected:

∙ Which programs you have executed,
∙ Which websites you have visited, etc.

We’ll try and help you recover any data that has been encrypted.

Kaspersky Lab analysts are continuing to analyze the virus code in search of a way to decrypt the files without having the private key.

[source]

You never know, so make your backups early. Especially those of you who use Windows.

XP SP3 reportedly installs an old, buggy Flash

// June 4th, 2008 // 2 Comments » // Security

Windows XP Service Pack 3 installs Flash 6 (yes, 6, as in from a long time ago and vulnerable to numerous problems); reportedly Microsoft has no license to install the later versions, so it ends up distributing the old version this way. After installing SP3, it is best to update Flash from Adobe.

Stealing From Banks One Cent at a Time

// May 29th, 2008 // No Comments » // Security

In a story strangely reminiscent of Superman 3, a ‘hacker’ allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. He was arrested not for taking the money, but for using false names in order to get it.

Blowing up a PC?

// May 25th, 2008 // No Comments » // Security

Apparently it is possible to turn a PC into a bomb, like in Die Hard 4.

Are your passwords, email, and the like being stored securely?

// May 19th, 2008 // 3 Comments » // Security

It turns out you can pull data out of the caches of insecurely run servers, though those servers are probably being fixed by now :D

Just by googling … you find out the password, and the banking account the same way

The 25 Year Old BSD Bug

// May 11th, 2008 // 2 Comments » // Security

It’s the birthyear of a 25 year old BSD bug, squashed only a few days ago.

A few days ago, Marc Balmer, OpenBSD developer, received an email from an OpenBSD user. The email claimed that SAMBA would crash when serving files off an MS-DOS filesystem. Balmer got into contact with a few SAMBA developers who claimed that SAMBA uses a special workaround in order to function properly on BSD systems: the code for reading directories in all BSDs was flawed.

Understandably, Balmer’s first reaction was disbelief. “Of course my first reaction was to blame Samba,” he writes. Despite his initial reaction, he decided to dig deeper into this case, and he uncovered a bug that had been sitting in the code of all BSDs (including Mac OS X), including a lot of old releases. He confirmed the bug was already in 4.2BSD, released in August of 1983.

Microsoft is helping the police crack your computer

// April 30th, 2008 // 2 Comments » // IT, Security

To help with crime detection, Microsoft has built a small plug-in device for the police and has distributed it free of charge to 2,000 officers in 15 countries (including Poland, the Philippines, Germany, New Zealand and the United States). The device is able to break Windows security (decrypting passwords, etc.).

Original source

If you are going to the USA with your laptop, you should double-check what is on it

// April 24th, 2008 // 1 Comment » // IT, Security, hmmmm

In any case, for now, at LAX (Los Angeles International Airport) they are gaining the right to inspect the contents of your laptop. Original source

1 news item, 1 comment

// April 16th, 2008 // No Comments » // Security

Oklahoma Leaks 10,000 Social Security Numbers

“Apparently the folks at the Department of Corrections of Oklahoma just forgot to use common sense when they created the state’s Sexual and Violent Offender Registry. By putting SQL queries in the URLs, they not only leaked the personal data of tens of thousands of people, but enabled literally anyone with basic SQL knowledge to put his neighbor/boss/enemies on the sexual offender list. Fortunately, after the author of the blog The Daily WTF notified the department about the issue, the site went down for ‘routine maintenance’ on April 13 2008.”

comment:

This breaks my brain, even for the normally stereotypically slow, stereotypically technology-shy government (though I will say that a lot of the Government of Canada sites work surprisingly well in my experience).

SQL queries IN THE QUERY STRING. Someone reading their FIRST BOOK on web development would know not to do that! And now God help the people who have been affected by this: try proving to the government that you’re not a sexual offender when you’re already on their list.

SQL injections. [wikipedia.org] Learn them. Learn how to mitigate them [php.net] (a PHP-specific example, but there are similar mitigation techniques for other languages). And I mean, hell, in a site like this (and especially with programmers apparently this bad), stored procedures [wikipedia.org] might be the thing to implement. Or even better, use a framework like CakePHP [cakephp.org], Rails [rubyonrails.org], or Django [djangoproject.com] with this sort of sanitation built into the queries it generates.

Ugh. I hope someone gets fired for this. I bet, though, that in reality this was programmed by the lowest bidder.
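The problem described in this item, SQL carried in the URL, shown next to a server-owned parameterized query. This is an added example, not code from the registry site, the quoted story, or the comment above; the table, column, and function names and the sample rows are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registry "
               "(id INTEGER PRIMARY KEY, name TEXT, county TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO registry (name, county, ssn) VALUES (?, ?, ?)",
        [("A. Example", "Tulsa", "000-00-0001"),
         ("B. Sample", "Payne", "000-00-0002")])
    return db

def vulnerable_search(db, params):
    # Anti-pattern from the story: the query string carries the SQL text,
    # so the client chooses the columns, the table and the statement type.
    return db.execute(params["sql"]).fetchall()

# Only these filters exist; each maps to a fixed clause with a placeholder.
ALLOWED_FILTERS = {"name": "name = ?", "county": "county = ?"}

def safe_search(db, params):
    # The server owns the statement: a fixed, read-only SELECT that never
    # names the ssn column, plus allow-listed filters with bound values.
    clauses, values = [], []
    for key, value in params.items():
        if key not in ALLOWED_FILTERS:
            raise ValueError(f"unsupported parameter: {key}")
        clauses.append(ALLOWED_FILTERS[key])
        values.append(value)
    sql = "SELECT id, name, county FROM registry"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return db.execute(sql, values).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(vulnerable_search(db, {"sql": "SELECT name, ssn FROM registry"}))
    print(safe_search(db, {"county": "Tulsa"}))
    print(safe_search(db, {"name": "x' OR '1'='1"}))  # treated as a literal name
```

On top of this, the database account used by a public search page should hold SELECT rights only, so that even a missed code path cannot write to the table.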

What would you do if your neighbor used your wireless without permission?

// April 2nd, 2008 // 4 Comments » // Funny, IT, Security

It turns out you can play a little prank on people who are using it without permission. (It will probably require a bit of IT knowledge :P )

I’m starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock. We use the DHCP server to identify mac addresses to give out the relevant addresses.

Final results of the (Linux/Windows/Mac) hacking contest are out.

// March 30th, 2008 // No Comments » // IT, Security

On the third day, Vista was hacked. This time, last year's champion hacked Vista using an Adobe Flash bug.

So in this contest Mac and Windows were hacked, and Ubuntu looks to have come out the winner.

Detailed information is here

Day 2 results of the (Linux/Windows/Mac) hacking contest.

// March 28th, 2008 // No Comments » // IT, Security

The CanSecWest hacking contest (Linux/Windows/Mac), which I reported on here earlier, has announced its results. Participants had to choose their target from the 3 below.

All of them had the latest updates applied.

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

So within 2 minutes of the start of the contest's second day, the MacBook Air was the first to be hacked. The hole was in the Safari web browser. (Last year's hole was in QuickTime.) The details will not be disclosed until Apple fixes the bug. The winner, Charlie Miller, took home the hacked MacBook Air and $10,000 in cash.

Original source

Also available here