Historically the “Is this you?” style Twitter attack seems to be seeded by either an original break in to the victim’s Twitter account, or that user having provided his or her credentials to a phishing style web site made to look like Twitter as the attack propagates through the popular micro-blogging service. This time around however, the account of security consultant and former cracker Kevin Mitnick was caught up in this generic, untargeted Twitter “worm”.
Archive for November, 2009
IT Administrators responsible for the servers whose listening services are showing up in the search results of the new SHODAN Computer Search Engine should pray that the ethical restrictions of those ‘shodanning’ (googling counterpart?) or searching remain intact. Or better start the implementation of countermeasures (close unnecessary ports, etc).
It’s been a while since my last post regarding Powershell which showed how to scan hosts for network interfaces in promiscuous mode. This time around, we’ll scan for some well known ports in our Active Directory to see who has a local IIS or SQL Express running on their machine. I know what you’re thinking. [...]
I have been watching an aggressive panhandler, sometimes with a second person, approach and threaten people (mostly old ladies, young girls, and tourists) at the corner of Church and Chambers Streets in New York City for the past month or so. While a nuisance, and problematic for the people he threatens, this is not terribly unusual in large cities although does seem to have become more prevalent based on what are likely a number of factors (including notably a down economy and a change in police enforcement). The problem in this case though, is that an NYPD police officer directs traffic at this intersection every day, watches and ignores what’s happening. What I’m observing unfold plays itself out similarly in every information security department in every company on a daily basis.
Have you met these types in the forensics forums, lurking in your blog comments, or anywhere else on the Intertubes: The Back-Door Man who knows that MSFT has stealth back doors in Windows, or the Man of Few Words with his pithy “One word: TrueCrypt” style comments? Happy as a Monkey breaks it all down [...]
Python code was posted today by Laurent Gaffie on his blog, demonstrating a much too easy way to remotely crash a Windows 7 or Windows Server 2008 machine. The crash is caused by sending a NetBIOS header which specifies that the SMB packet is 4 bytes smaller or larger than it actually is. In this code sample below, you can see that the header has the length of the packet set to 9a rather than 9e (4 bytes smaller).
The forensics tool provided to law enforcement officials created by Microsoft called COFEE (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.