If you lose a Windows password, or you buy a system that has an OS on it, but you don’t know the password, what are you to do? The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what’s on there, and get data off?
In Part 1, Intro to Reverse Engineering – No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We’re proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content. This paper is designed to outline some essential reverse engineering concepts, tools and techniques – primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have knowledge of basic assembly and C programming. An understanding of Win32 programming and API calls is also helpful. This tutorial does not necessarily have to be read in order (although it is strongly advised), as some sections do not contain information that directly relates to subsequent sections. However, if you begin skipping around and find that you have trouble understanding a concept, or feel like you missed an explanation, it would be best to go back to previous sections of the tutorial and read them first.
Dark Reading covers the upcoming release of free Firefox plug-ins that test for common web application vulnerabilities. As with most security tools, they could be used for good or ill. “The ExploitMe tools — which are currently in beta form — include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject it with SQL injection payloads, and XSS-Me, which works the same way, but with XSS. The tools’ developers also plan to release Web services exploit tools as well.”
Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse engineering. This paper is intended as an introduction to reverse engineering for someone who has no experience whatsoever on the subject. You should have some basic knowledge of C programming, and access to a Windows or Linux box (preferably both) using the x86 architecture (i.e., your average computer). No knowledge of assembly code, registers, or the like is assumed, although it helps. The “Introduction” section of the paper is intended for the newcomer who has little or no understanding of what reverse engineering is and may be skipped by those looking for more technical details.
So you are trying to drop that MS Office habit but find yourself struggling, thanks in part to features missing from Open Office (Oo) such as a solid grammar check feature. As it turns out, there is a solution for Oo users looking for this kind of functionality, albeit about as ‘craptacular’ as the one for MS Office.
The problem is that grammar checkers in any form are a half-hearted solution to a larger problem. Another thing to consider is that the grammar check offered in this article does not underline mistakes as it does with misspelled words. This is due largely to the fact that it is an add-on rather than part of the Oo bundle.
The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the project’s lead developer, Mati Aharoni, specifically for the EH-Net Community:
- Metasploit updated to latest svn, all dependencies upgraded
- Added fabs patches for msfgui
- Aircrack-ng updated to 1.0 svn, all dependencies upgraded
- Tcpdump patched (security fix)
- Firefox updated to latest
- Firefox links, favorites and home page
- A few more lib fixes for old nasties in BT2 final
For those of you who are not familiar with BackTrack, here’s a brief description directly from the project’s web site, http://www.remote-exploit.org/:
BackTrack is the result of merging the two innovative penetration testing live Linux distributions Auditor and Whax. BackTrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #32 overall.
Here is how you can back up files from a dead Windows install using SLAX, Knoppix or Ubuntu.
The most important issue to young people in the 2008 campaign is one that no presidential candidate will discuss. In fact, even touching on this subject is taboo for anyone with aspirations to Congress or the White House. Anyone who has the temerity to mention this political third rail will almost certainly lose the campaign.
Russian outfit Elcomsoft has just filed for a US patent that leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make mincemeat of corporate-strength password protection.
VMware is indispensable for the software testing that I do – and it’s a solid tool for freelancers as well. If you’ve never heard of VMware, it’s simply an application that lets you run a virtual computer inside your regular “host” computer … and you can do anything you want to the virtual machine without hosing up your real one. And you can reset your VMware image to its pristine, original state any time you want.
The servers of OiNK.cd – one of the most popular private BitTorrent trackers – are raided and the admin, a 24-year-old man from Middlesbrough, is arrested.
The British and the Dutch police both contributed to the investigation that was initiated by the IFPI and the BPI, two well known anti-piracy organizations. The operation was supported by Interpol who coordinated the international cooperation.
According to early reports OiNK’s servers were confiscated in Amsterdam last week. This seems unlikely because the site was still fully functional 24 hours ago. The administrator of OiNK was arrested this morning by the Cleveland Police. The BBC reports that his employer and the home of his father were raided as well.
Jeremy Banks, Head of the IFPI’s Internet Anti-Piracy Unit, said in a response to the news: “OiNK was central to the illegal distribution of pre-release music online. This was not a case of friends sharing music for pleasure. This was a worldwide network that got hold of music they did not own the rights to and posted it online.”
OiNK hosted hundreds of thousands of torrents with over a million peers, which makes it more popular than most public trackers. The site was known to be one of the first places where leaked music albums appeared, so anti-piracy outfits such as MediaDefender were keeping a close eye on it.
In July the tracker already changed its name from OiNK.me.uk to OiNK.cd due to “legal” issues with their domain registrar. Unfortunately it now seems that the popular private BitTorrent tracker is in bigger trouble.
Chief of Absolute Poker site says ‘consultant’ developed method to look at others’ hole cards without their knowledge
OCTOBER 22, 2007 | The controversy has been swirling in online poker forums for a few weeks, but now it’s official: Absolute Poker has been hacked.
In a letter to regular players, Absolute Poker owner Joe Norton conceded that his site was compromised by “a high-ranking, trusted consultant employed by [Absolute Poker].”
As privacy experts, we are frequently asked about “opting out,” and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. The list below does not contain all opt outs that are available. Rather, it contains the opt outs that we believe are the most important and will be the most useful to the most consumers.
Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC’s Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out.
OCTOBER 19, 2007 | A dozen FBI agents stormed a warehouse owned by famed magician and illusionist David Copperfield last night, coming away with evidence for an investigation that apparently reaches all the way to Seattle.
According to a report broadcast last night by a local Las Vegas television station, the FBI took a computer hard drive and a memory chip from a digital camera system. The agents also took some $2 million in cash stuffed in a safe in the warehouse, the report said.
The FBI also paid a visit to the MGM Grand Hotel in Las Vegas, where Copperfield often performs.
Both the FBI and Copperfield’s attorney confirmed that there is an investigation ongoing in the area, but the purpose of the investigation, like Copperfield’s tricks, is still a mystery.
On Monday, I wrote about three of my favorite Firefox extensions that help me stay safe when I’m browsing the darker areas of the Web and incoming email. Today, let’s look at three other extensions: Those that can turn Firefox into a feature-filled, Web-hacking weapon. These extensions aren’t required to use Firefox for hacking Web applications, but they certainly make it a lot easier.
I nearly spit out my Enviga while reading this part:
Things You’ll Need
* Approaching skills
* Approaching confidence
* A social vibe
Since several peers in a computer course asked me today why the printer said Insert Quarter, I deemed this post necessary. It is amazing how unaware some people can be. This little perl script allows you to change the “Ready Message” on most HP printers to whatever you’d like. For the *nix intolerant: here is a link to a Windows binary I’ve used in the past. Keep in mind the limitations of the display when composing your clever verbiage. I wrote it after coming across the command in an HP PJL (Printer Job Language) reference manual I was reading for some reason that I now forget. Thanks to the flexibility and power of perl, it was a no-brainer to play with the new information.
Well, of course I couldn’t ignore such an opportunity, and it turns out to be a lot of fun. You can think up your own funny, confusing or scary messages. I generally like “INSERT QUARTER” or “FEED ME” on the larger displays (e.g., 4200, 4250). My personal favorite is “INSERT COIN” which fits perfectly on the small LCDs. You can even sit in sight of the printer and change the message while watching the reaction of your victim. Don’t be surprised, though, if a large fraction don’t even notice. I was quite surprised myself but, it appears, some people don’t look at what is in front of them.
UPDATE: I wrote a more elaborate version that takes advantage of the HP 4200’s larger, four-line display. It sends the current weather conditions which I grab from NOAA using the perl Geo::METAR module. It updates every 10 minutes. Amazingly, while many people noticed the report on the printer display, no one questioned it!
People are endlessly surprising. Isn’t it great?
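As an added example (this is not the author’s perl script, nor the Windows binary linked above), here is the same trick in Python: it builds the PJL RDYMSG job that the post describes and ships it to the printer’s raw JetDirect port, 9100. The display width, the placeholder printer address and the helper names are assumptions for illustration; measure your own panel before relying on the truncation limit.

```python
import socket
from typing import Optional

# PJL Universal Exit Language sequence. It brackets every PJL job so the
# printer drops out of whatever language it was parsing (PCL, PostScript)
# and reads the @PJL commands that follow.
UEL = b"\x1b%-12345X"

# Assumed display width: the post says "INSERT COIN" fits the small LCDs,
# while the 4200/4250 panels are wider. Adjust for the printer in front of you.
SMALL_LCD_WIDTH = 16


def pjl_ready_message(message: str, max_len: int = SMALL_LCD_WIDTH) -> bytes:
    """Build a PJL job that replaces the printer's ready message.

    The text is truncated to max_len characters so it fits the display.
    Per the PJL reference, an empty DISPLAY string restores the default
    ready message, so pjl_ready_message("") is the "undo" job.
    """
    if '"' in message or "\r" in message or "\n" in message:
        raise ValueError("message must not contain quotes or line breaks")
    text = message[:max_len].encode("ascii", "replace")  # panel is ASCII only
    return UEL + b'@PJL RDYMSG DISPLAY="' + text + b'"\r\n' + UEL


def send_pjl(host: str, payload: bytes, port: int = 9100, timeout: float = 5.0) -> int:
    """Send a raw PJL job to the printer's JetDirect/raw port.

    Port 9100 accepts any job from anyone who can reach it, with no
    authentication; that is the only reason this works. Returns bytes sent.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(payload)


def parse_ready_message(job: bytes) -> Optional[str]:
    """Recover the DISPLAY string from a PJL RDYMSG job, or None if absent.

    Useful when checking what a captured port-9100 job would put on the panel.
    """
    marker = b'@PJL RDYMSG DISPLAY="'
    start = job.find(marker)
    if start == -1:
        return None
    start += len(marker)
    end = job.find(b'"', start)
    return job[start:end].decode("ascii") if end != -1 else None


if __name__ == "__main__":
    import sys

    # 192.0.2.10 is a documentation placeholder, not a real printer.
    printer = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    msg = " ".join(sys.argv[2:]) or "INSERT COIN"
    send_pjl(printer, pjl_ready_message(msg))
```

Run it as `python rdymsg.py <printer-ip> "INSERT COIN"`, and send `pjl_ready_message("")` when the fun is over. The ready message is the harmless end of what this channel allows: the same unauthenticated port takes every other PJL command the reference manual lists, so on a network you are responsible for, the real fix is to restrict port 9100 to the print server rather than to hope nobody reads the manual.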
A NYC photographer friend of mine, sent me this photo he took backstage today. These girls are all from Brazil, 18+, and never been to school. They went straight into modeling.
Here is what they look like when they’re models:
Using a number of sneaky attacks, it is possible for phishers and other Web-based bad guys to figure out which Web sites you regularly visit. While the fact that you frequently visit ESPN may not be a problem, such attack techniques can tell the phisher exactly which online bank you use, allowing her to tailor deception-based phishing emails so that they’re far more likely to dupe you. Below is a great white paper describing this attack from Sid Stamm and Markus Jakobsson. A live interactive demo of their attack can be seen by visiting their Browser Recon page, which will tell you exactly which online banks you’ve logged into in the past. Scary stuff.