Archive for November, 2009

Spoofed Twitter login page.

“Hi. This you?? LOL” Twitter Attack Snares Kevin Mitnick

Historically, the “Is this you?” style Twitter attack seems to be seeded either by an original break-in to the victim’s Twitter account, or by that user having provided his or her credentials to a phishing-style web site made to look like Twitter, as the attack propagates through the popular micro-blogging service. This time around, however, the account of security consultant and former cracker Kevin Mitnick was caught up in this generic, untargeted Twitter “worm”.

You’ve been SHODAN’d

IT administrators responsible for the servers whose listening services are showing up in the search results of the new SHODAN Computer Search Engine should pray that the ethical restrictions of those ‘shodanning’ (the counterpart of googling?) or searching remain intact. Better yet, they should start implementing countermeasures (closing unnecessary ports, etc.).

From Promiscuous to Port Scanning with Powershell

It’s been a while since my last post regarding Powershell which showed how to scan hosts for network interfaces in promiscuous mode. This time around, we’ll scan for some well known ports in our Active Directory to see who has a local IIS or SQL Express running on their machine. I know what you’re thinking. […]

Members of Anonymous protesting scientology.

Not the Haus of Gaga too

Around 9pm EST on Monday, the Twitter account of pop singer Lady Gaga, @ladygaga, was cracked into and a series of messages added to her tweet stream. This is the second high-profile Twitter account to be cracked in the last few days; on Friday the account of pop singer Britney Spears, @BritneySpears, started professing sympathy for the devil. The Lady Gaga one is interesting, though, because, like an homage to old-school cracks of the past, the attackers appear to have left their name. Further, these are two high-profile accounts broken into after Twitter implemented at least three major changes to its web site’s authentication process.

Panhandling and Policy

I have been watching an aggressive panhandler, sometimes with a second person, approach and threaten people (mostly old ladies, young girls, and tourists) at the corner of Church and Chambers Streets in New York City for the past month or so. While a nuisance, and problematic for the people he threatens, this is not terribly unusual in large cities, although it does seem to have become more prevalent based on what are likely a number of factors (including notably a down economy and a change in police enforcement). The problem in this case, though, is that an NYPD police officer directs traffic at this intersection every day, watches, and ignores what’s happening. What I’m observing unfold plays itself out similarly in every information security department in every company on a daily basis.

The Perfect Crime, the perfect alibi: My Facebook Status

The NY Times brings us the story of Rodney Bradford. He’s the 19 year old Brooklyn man whose lawyer, Robert Reuland, invoked one of the first known “Facebook alibis” in his defense of the 19 year old Bradford on what were a second set of robbery charges he was facing. Since the Facebook defense is […]

Taxonomy of Forensics Geeks

Have you met these types in the forensics forums, lurking in your blog comments, or anywhere else on the Intertubes: The Back-Door Man who knows that MSFT has stealth back doors in Windows, or the Man of Few Words with his pithy “One word: TrueCrypt” style comments? Happy as a Monkey breaks it all down […]

Remote SMB Exploit: Crashing Windows 7 and Server 2008

Python code was posted today by Laurent Gaffie on his blog, demonstrating a much too easy way to remotely crash a Windows 7 or Windows Server 2008 machine. The crash is caused by sending a NetBIOS header which specifies that the SMB packet is 4 bytes smaller or larger than it actually is. In the code sample below, you can see that the header has the length of the packet set to 9a rather than 9e (4 bytes smaller).

What DNS is not

What DNS Is Not by Paul Vixie details what DNS is by explaining what it is NOT.

More COFEE Please, on Second Thought…

The forensics tool created by Microsoft and provided to law enforcement officials, called COFEE (Computer Online Forensic Evidence Extractor), was leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.
