Datenterrorist

Keykeriki

Balle — Wed, 17 Jun 2009 10:48:23 +0000

Keykeriki is the first open source 27Mhz wireless keyboard sniffer.
Click

Analysis of the Green Dam Censorware System

Balle — Tue, 16 Jun 2009 09:17:51 +0000

“Summary We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.”

Click

Passport hacking

Balle — Mon, 29 Sep 2008 14:56:47 +0000

“THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips does not work. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials.The manipulated information is displayed without any alarms going off.The exploitation of this loophole is trivial and can be verified using thc-epassport”

Source: freeworld.thc.org/thc-epassport

Tools released at Defcon 16

Balle — Fri, 22 Aug 2008 10:46:05 +0000

Just a quick link to a Blog that lists tools that were released at this years Defcon.

Snoop

Balle — Fri, 18 Jul 2008 08:50:08 +0000

Snoop is a GNU/Linux file descriptor monitoring tool inspired by FreeBSD’s ‘watch’. It goes beyond simple TTY snooping by allowing the interception of any file descriptor. You can attach on the fly to regular files, TTYs, named pipes, character devices, and pretty much anything that is represented by a file descriptor and addressable in the standard name space.
Click

Stupid smartcards

Balle — Wed, 25 Jun 2008 09:15:19 +0000

“Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the “smartcards” commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.
[...]
Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.”
Source: Wired.com

Debian OpenSSL Fuckup

Balle — Fri, 16 May 2008 02:43:17 +0000

“A flaw in the way that OpenSSL is implemented in the Ubuntu and Debian distributions of Linux have earned the software an unenviable adjective in the world of encryption: Predictable.

On Tuesday, the team behind the popular Ubuntu distribution of Linux announced that it had issued a patch to fix a flaw inadvertently added to the OpenSSL code which dramatically reduced the number of possible keys generated by the software. While the flaw is in OpenSSL, the same code is used to generate keys for a number of other popular programs, including OpenSSH, OpenVPN and SSL certificates.

“All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied,”
Source: SecurityFocus

Lateral SQL injection

Balle — Mon, 28 Apr 2008 16:23:07 +0000

“How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can in the Oracle RDBMS.”
Click

Automated exploits from patches

Balle — Fri, 25 Apr 2008 09:46:28 +0000

“The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P’, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P’. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update.

In many cases we are able to automatically generate exploits within minutes or less.”
Click

META Fun

Balle — Tue, 22 Apr 2008 10:30:32 +0000

“Metagoofil is an information gathering tool designed for extracting the Meta-Data of public documents (pdf,doc,xls,ppt,etc) available on target/victim websites. It will generate a html page with the results of the Meta-Data extracted, plus a list of potential usernames.”
Download from Packetstorm