Keyboard Cowboy More and-or less confused after tomorrow

29Aug/10

Repost: Monthly Infosec Nights – September 1st, 2010

Figure I'll post this here and see if anybody who reads this might be interested.

Subject: [Vanhackspace] Monthly Infosec Nights - Wednesday, September 1st, 2010 @ 19:00h
Date: Wed, 04 Aug 2010 09:28:20 -0700
From: Colin Keigher

Reply-To: vanhackspace@lists.uselessdegree.net
To: vanhackspace@lists.uselessdegree.net

Hi all,

I'd like to invite you all to the first-ever information security night
at Vancouver Hack Space (VHS). If this is successful, we'll be having
these at least once a month likely on the first Wednesday.

Our first meeting will be on Wednesday, September 1st at 19:00.

For some of you, this may be your first excuse to come down, so here are
some details on where VHS is physically located:

    45 W. Hastings
    Vancouver, British Columbia
    (778) 785-5982
    (Entrance is located in the rear, in the alleyway)

All members and non-members of all ages are welcome to attend! We do ask
that non-members bring a donation of $5 to support the space. If you're
having problems getting in, that phone number is a direct line inside.

What will be discussed? Well, this is how I'd like the format to go:

    19:00 - Doors open
    19:30 - First talk
    19:45 - Second talk (optional)
    20:00 - Free form

By talks, what I mean is that I invite anybody to step forward and
suggest a topic that can be presented in the time allotted. Topics may
include but are not limited to cryptography, intrusion, social
engineering, exploitation, flaws, theories, espionage, privacy, legal
issues, and anything computer security and hacking-related.

If you're interested, message me on or off of this mailing list. I am
also available on #vhs on OFTC IRC as "afreak".

Free form is a period where we can all discuss, share, and so forth!

Food and beverages are welcome in the space. As well, Internet access is
also provided. If you're presenting a talk, a projector is also available.

If you have any suggestions or ideas, do not hesitate to throw them my way!

Thanks,
Colin Keigher
24Jul/10

Brilliants Exploits – My talk at The Next HOPE

I got back from New York just a few days ago after having attended The Next HOPE and paid a visit to the city, and finally got around to uploading it to a few people and then to an online video service--with that said, YouTube sucks for not allowing videos longer than ten minutes.

You can grab a torrent of the talk via Hat Torrents by clicking here.

Overall, I thought that the talk went fine and the reception was rather positive. I got to meet a few people after the talk who were around for other Olympic years and it seems that a lot of what I came across were repeat mistakes from other events. I do plan to speak at other conferences about an upcoming project that I will be working on with a few other people.

There were a number of mistakes and errors that I made during this talk and I also found that I had trailed off from the notes I had prepared too. However, if you guys want a copy of the slides, you may download them as a PDF (6.8 MB).

4Jul/10

Speaking at The Next HOPE

I will be presenting an observation of the 2010 Winter Olympics at the upcoming Hackers on Planet Earth (HOPE) conference in New York City on Friday, July 16th.

As per the abstract:

"Brilliants Exploits" - A Look at the Vancouver 2010 Olympics
With the 2010 Winter Olympics having come and gone, it's not too late to look back at what an event it was. From a technology standpoint, CCTV cameras and ticket sales will be looked at, and from a social standpoint, matters involving intellectual property as well as the police will be examined.

A few of us did some research on the CCTV camera network prior to the Olympics and I am also giving an overview of the flaws in the ticket system that was used.

You'll find my presentation on the Lovelace track on Friday at 17:00h. A copy of the presentation will be posted here once I return to Vancouver.

24Jun/10

AM I HACKER-PROOF?!?!?!? LIGATT says I am not!

Before I start, why the fuck is "LIGATT" all in capital letters and if it is not an acronym, what does it mean? If it is not either, then I guess that Mr. Evans grabbed a few tiles from the Scrabble bag and came up with this horrible name.

On LIGATT and the scan itself

Anyway, I am sure that you have read the news on LIGATT so I will spare you the background. If you haven't heard of Gregory Evans, World's Number-One Hacker; read up on the links provided and I am certain that you'll begin to wonder how Kevin Mitnick's so-called "overwing" could fathom the concept of the firm.

Moving along, we are graced with an excellent photo of a yelling black man screaming, "am I hacker proof?" Needless to say, this is a question I scream at my boss every morning as I walk in. He doesn't speak to me much and doesn't invite me to team meetings anymore. Oh well.

I decided that since LIGNAT was offering the service that I'd take advantage of the free offer and see if I was as safe as I thought I was. Boy was I ever wrong and it has since caused me to place an extra seven layers of aluminium foil on my head.

According to LUGNUT's scan, the following were found thanks to my information and the scan itself!

  • 327 web results
  • 12 local results
  • 164 video results
  • 8 books results
  • 208 blogs results
  • 133 news results
  • 16 images results

I am glad to know that there are books on Horatio out there.

What did it find besides books?

The results were that it found three vulnerabilities--those being open ports--on the host I connected from. However, it seems that LAGNAT is only doing a basic Nmap scan: it appears to perform a broad port scan and interpret any open port as a vulnerability.


One of the many 'attempts' to bypass my gateway.

I didn't bother to monitor all activity, but I did at least log to determine what was going on. In particular, Apache and SSH were targeted by LEGNUT's scans.

    97.74.195.39 - - [21/Jun/2010:19:49:10 -0700] "GET %2F%2Fetc%2Fpasswd HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"

The above just repeats in similar fashion over and over again. It doesn't seem to make much of an emphasis on Apache bugs but rather at potential chroot escapes. With regards to SSH, it makes two attempts at exploiting two old bugs but nothing more than that.

Besides SSH and HTTP, it scans for typical TCP/UDP ports such as FTP, mail services, Windows services, et cetera--nothing fancy really. Basically, for $30 USD, LEGNUO will do what I would likely do for free if you asked me privately. There are also other services out there that will do the same for cheap or free.
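An added example, not from the original post: a small Python detector that parses Apache combined-format lines like the one quoted above, URL-decodes the request path, and flags traversal probes and known scanner user agents by source IP. The first sample line is the one from the post; the other two lines, the addresses 192.0.2.10 and 198.51.100.7, and the scanner signatures beyond Nmap NSE are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Apache "combined" access-log format, the format of the line quoted above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
    r'(?: (?P<proto>[^"]+))?" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-agent substrings of well-known scanners; Nmap NSE is the one seen in the post.
SCANNER_UA = ("nmap scripting engine", "nikto", "sqlmap", "masscan")
# Path fragments that appear in file-disclosure / traversal probes, not in normal browsing.
TRAVERSAL = ("/etc/passwd", "/etc/shadow", "../", "..\\")

def parse_line(line):
    """Fields of one combined-format line, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def decode_path(raw):
    # Decode twice: the post's request is %2F-encoded and some probes double-encode.
    return unquote(unquote(raw))

def flag_entry(entry):
    """Reasons an entry looks like scanner activity (empty list if it looks benign)."""
    reasons = []
    if any(marker in decode_path(entry["path"]).lower() for marker in TRAVERSAL):
        reasons.append("traversal")
    if any(sig in entry["ua"].lower() for sig in SCANNER_UA):
        reasons.append("scanner-ua")
    return reasons

def scan_log(lines):
    """Group flagged requests by source IP: {ip: [(decoded_path, reasons), ...]}."""
    hits = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line; skip rather than guess
        reasons = flag_entry(entry)
        if reasons:
            hits.setdefault(entry["ip"], []).append((decode_path(entry["path"]), reasons))
    return hits

# Sample input: the first line is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = [
    '97.74.195.39 - - [21/Jun/2010:19:49:10 -0700] "GET %2F%2Fetc%2Fpasswd HTTP/1.1" 404 512 "-" '
    '"Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"',
    '192.0.2.10 - - [21/Jun/2010:19:50:02 -0700] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jun/2010:19:51:30 -0700] "GET /cgi-bin/..%252F..%252Fetc/passwd HTTP/1.0" 403 0 "-" "curl/7.19"',
]
```

Running `scan_log(SAMPLE_LOG)` groups the two probing hosts with their decoded paths and reasons, while the ordinary `/index.html` request is not reported.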

The hosting provider he uses isn't really meant for such scans

To make matters more interesting, LUGJUG runs all of this off of a GoDaddy-provided server.

ckeigher@antares:~$ whois 97.74.195.39

[...]

NetRange: 97.74.0.0 - 97.74.255.255
CIDR: 97.74.0.0/16
OriginAS: AS26496
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-97-74-0-0-1
Parent: NET-97-0-0-0-0
NetType: Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET
Comment: Please send abuse complaints to abuse@godaddy.com
RegDate: 2008-08-14
Updated: 2008-08-14

The scan happens to violate the AUP provided by GoDaddy themselves.

2. YOUR OBLIGATIONS

[...]

vi. interfere, disrupt or attempt to gain unauthorized access to any computer system, server, network or account for which You do not have authorization to access or at a level exceeding Your authorization;

vii. disseminate or transmit any virus, trojan horse or other malicious, harmful or disabling data, work, code or program;

viii. engage in any other activity deemed by Go Daddy to be in conflict with the spirit or intent of this Agreement or any Go Daddy policy; or

Before you initiate a scan, if you were to do this as a regular user, you'd be unlikely to understand what ports are, and therefore the service would be violating the AUP. However, given GoDaddy's track record for enforcing their own policies, and their focus instead on selling domains to dumbasses (such as Mr. Evans), I doubt that we'll see any action taken against this practice.

Playing around

While feeding it some junk data, I did manage to get it to give me the following error:

    Warning: Invalid argument supplied for foreach() in /home/ligattsecuritycom/public_html/amihackerproof/check_this_scan_status_quick.php on line 624

Going directly to the mentioned file gives the following:

    Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ligattsecuritycom/public_html/amihackerproof/check_this_scan_status_quick.php on line 6
    Error occured

That first error was achieved when I changed the IP fed by the form to 127.0.0.1. It still scanned my host when I attempted this, but it seems to have broken something else. The end results returned were no different and it still scanned my host once more.

Overall, LIGGGGGGGGGGGGGORT is being quite the charlatan.

10Jun/10

Hootsuite and their Ill-regard for their URL Shortener Service

Being that Twitter is being used more and more by corporations and non-profits, it's no surprise that Twitter clients like Hootsuite have made inroads in making social networking more accessible. Many clients of Hootsuite's services include Disney, Fox, The Economist, and Dell.

8Jun/10

Why does the Wii show key presses?

A USB keyboard attached to the Wii should never display key presses on the on-screen keyboard, especially when a password input is at play. Now, I know that the console isn't designed with user security in mind, but some common sense should prevail.

Skip ahead by a minute to get through me launching the Wii, browser, et cetera.

Bonus points if you can figure out what I typed in as password.

30May/10

Not dead!

I know that I haven't updated this recently. With a talk at The Next HOPE, moving both physically and virtually, and trying to get other tasks out of the way, this site has sort of become neglected.

Good things are coming soon!

17Apr/10

Who’s letting me become ssladmin?

Slashdotters! - Hi there! Apparently I am a "security expert". Way too much credit to me! I am just an enthusiast more than anything else. Anyway, thanks for coming!

With news that it is ridiculously simple to mimic authority at many webmail providers in order to coax an SSL certificate authority (CA) into issuing a certificate for the provider's domain, I decided to take it upon myself to see who out there is actually vulnerable and to give the public some information on how prevalent this issue is right now.

Out of eleven webmail services chosen at random and without prejudice, just under half of them permitted me to register with credentials (ssladmin) that allowed me to create an SSL certificate in their name. In most of these cases, there was a pre-existing, legitimately-acquired certificate.

All of them were contacted prior to this blog entry being posted. Out of the five that I contacted, one responded to me directly and informed me that the issue was being addressed, another one had a ticket filed but has not followed up nor closed the account, one had my account banned outright, and the rest did not comment. I was successful in registering a new account for a CA service for one of the providers, but did not complete the request and didn't bother for the rest of them.
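An added example, not from the original post or from any of the providers tested: a signup-time check a webmail provider could use to refuse the role mailboxes a CA will accept as proof of domain control, with the normalisation needed so that dotted, plus-tagged or fullwidth spellings of ssladmin are caught as well. The domain webmail.example and the reserved names other than ssladmin are assumptions.

```python
import unicodedata

# Local-parts a CA may treat as proof of domain control. admin, administrator,
# webmaster, hostmaster and postmaster are the ones the CA/Browser Forum Baseline
# Requirements allow; ssladmin is the one used in the post; the rest are RFC 2142
# role mailboxes added here as a conservative assumption.
RESERVED_LOCALPARTS = frozenset({
    "admin", "administrator", "webmaster", "hostmaster", "postmaster",
    "ssladmin", "abuse", "security", "noc", "root",
})

def normalize_localpart(local):
    """Canonical form for the reserved-name comparison."""
    s = unicodedata.normalize("NFKC", local).lower()   # fold fullwidth/compat forms
    s = s.split("+", 1)[0]                             # drop "+tag" sub-addressing
    return "".join(ch for ch in s if ch.isalnum())     # drop dots, dashes, underscores

def is_reserved_localpart(local):
    return normalize_localpart(local) in RESERVED_LOCALPARTS

def validate_signup(requested_address, provider_domain):
    """Return (ok, reason) for a requested mailbox on the provider's own domain."""
    if requested_address.count("@") != 1:
        return (False, "malformed")
    local, domain = requested_address.rsplit("@", 1)
    if domain.lower() != provider_domain.lower():
        return (False, "wrong domain")
    if not local:
        return (False, "empty local-part")
    if is_reserved_localpart(local):
        return (False, "reserved local-part")
    return (True, "ok")

# Constructed requests against an assumed provider domain; the last one spells
# ssladmin in fullwidth letters, which NFKC folds back to ASCII.
PROVIDER = "webmail.example"
REQUESTS = [
    "ssladmin@webmail.example",
    "SSL.Admin+2010@webmail.example",
    "host-master@WEBMAIL.example",
    "\uff53\uff53\uff4c\uff41\uff44\uff4d\uff49\uff4e@webmail.example",
    "colin@webmail.example",
]

def check_all(requests=REQUESTS, provider=PROVIDER):
    """Map each requested address to its (ok, reason) verdict."""
    return {addr: validate_signup(addr, provider) for addr in requests}
```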

13Apr/10

Cheap and easy Bluetooth speaker phone for your car!

This is out of the norm for what I have been posting lately, but someone shared this ingenious idea for a cheap "hack".

If you're lucky enough to have an auxiliary input on your car stereo, you can easily pull off a simple Bluetooth-based speaker phone system for your car.

Items needed:

  • Bluetooth adapter with headphone output - Deal Extreme $12.99 USD
  • 3.5 mm headphone cable appropriate for input into your car stereo

Once it arrives, you can set it up as follows!

The call quality is excellent and doesn't need much amplification on my end. To make things even sweeter, there is no echo even at conversation levels for the receiving end.

I added some Velcro to the setup and it works great!

10Apr/10

Major large courier with an arrow in its logo versus an HP server

Back in February, a server came into our office from a client in the United States. I think that the images speak for themselves, but the damage was severe enough that the system wouldn't boot let alone turn on its fans. After the insurance was taken care of and the server was brought back to us from the United States even though they were told to ship it to us, I managed to successfully rescue the array--slowly.

More photos included in this post.