check it out!
http://www.thedarkvisitor.com/
Well, this idea is not new, as it has been toyed with for some time. But now, thanks to the Russians, we have cracking / brute-force software that uses the GPU to reduce the time needed to reveal the password!!!
source : http://cyberinsecure.com/new-tool-for-graphics-cards-threaten-wireless-networks-encryption/
Russian firm ElcomSoft has applied GPU acceleration technology to a new password recovery tool that allows PCs or servers running supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than is possible by using conventional microprocessors. Recovery times for Wi-Fi keys are increased by a factor between 10 to 15 in the use of Elcomsoft Distributed Password Recovery in combination with a regular laptop featuring NVIDIA GeForce 8800M or 9800M series GPUs. By running the same software on a desktop with two or more NVIDIA GTX 280 boards installed, this figure increases to a factor of 100.
Works with NVIDIA GPUs only... ATI fanboys have to wait...
This might be old news.. but BACKTRACK3 FINAL IS OUT! Get it here -->
BACKTRACK 3 : USE AT YOUR OWN RISK!
Labels: wireless
Haven't posted anything in a long time.. guess I was busy with work (this has nothing to do with Euro 2008, honest!)
Today I shall post about the Linksys WRT54GL. My company was looking for a wireless AP, and 3Com was recommended (currently using one, quite stable). But alas, they don't make them like they used to... the 3Com's performance kinda disappointed me.
So, I went to the nearest IT shop and got a Linksys WRT54GL for RM 185. Uploaded the Tomato SpeedMod firmware from here --> TOMATO SPEEDMOD. So far, the performance has been promising... will continue to monitor the Linksys WRT54GL.
Below are a few screenshots of the upgrade process. Very easy!
- Log into the Linksys WRT54GL (192.168.1.1)
- Go to Admin -> Firmware Upgrade. Browse for the downloaded firmware and click "Upgrade". Don't do anything during the upgrade, as it might brick the router!
- Once it is done, you can see a different firmware called Tomato!
Now there is a lot of talk regarding the QoS settings. I have set mine to block Yahoo Messenger.. dunno whether it works or not. Will wait for the end users (a.k.a. victims) to start complaining...
Labels: wireless
... well, it is not a vulnerability per se, but I guess I should inform you guys...
E-mails contain a link to a webserver, where the user can download the malware, named funny.exe, foolsday.exe or kickme.exe.
These are the subjects and e-mail bodies used by the worm:
- All Fools' Day
- Doh! All's Fool.
- Doh! April's Fool.
- Gotcha!
- Gotcha! All Fool!
- Happy All Fools Day!
- Happy All Fools!
- Happy April Fools Day
- Happy April Fool's Day
- Happy April Fools!
- I am a Fool for your Love
- Join the Laugh-A-Lot!
- One who is sportively imposed upon by others on the first day of April
- Surprise!
- Surprise! The joke's on you.
- Today You Can Officially Act Foolish
- Today's Joke!
- Wise Men Have Learned More from Fools...
Once executed, the malware creates the file aromis.exe in the Windows directory, along with aromis.config in the same directory. The latter is the configuration file used by the malware to build up the botnet.
So don't be a fool and click on an April Fools' email... if you do, then you are indeed a FOOL!
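The subjects and payload names above are enough for a first-pass mail filter. The sketch below is an added example, not part of the original post: the function name `triage` and both sample messages are constructed for illustration, and only the subject list and the three file names come from the post.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Indicators listed in the post: lure subjects and payload file names.
LURE_SUBJECTS = {s.lower() for s in (
    "All Fools' Day", "Doh! All's Fool.", "Doh! April's Fool.", "Gotcha!",
    "Gotcha! All Fool!", "Happy All Fools Day!", "Happy All Fools!",
    "Happy April Fools Day", "Happy April Fool's Day", "Happy April Fools!",
    "I am a Fool for your Love", "Join the Laugh-A-Lot!", "Surprise!",
    "One who is sportively imposed upon by others on the first day of April",
    "Surprise! The joke's on you.", "Today You Can Officially Act Foolish",
    "Today's Joke!", "Wise Men Have Learned More from Fools...",
)}
PAYLOAD_NAMES = {"funny.exe", "foolsday.exe", "kickme.exe"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return the indicators a raw RFC 822 message matches (empty list = clean)."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").replace("\u2019", "'").lower()
    hits = ["subject"] if " ".join(subject.split()) in LURE_SUBJECTS else []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            # Compare only the last path component of the link, ignoring case.
            name = urlsplit(url.rstrip(".,;)")).path.rsplit("/", 1)[-1].lower()
            if name in PAYLOAD_NAMES:
                hits.append("link:" + name)
    return hits

# Constructed sample messages (203.0.113.0/24 is a documentation-only range).
SAMPLE_WORM = (
    "From: someone@example.invalid\n"
    "Subject: Happy April Fools Day\n"
    "\n"
    "Look at this: http://203.0.113.7/kickme.exe\n"
)
SAMPLE_CLEAN = (
    "From: colleague@example.invalid\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Menu is at https://example.com/menu.pdf\n"
)

if __name__ == "__main__":
    for label, raw in (("worm", SAMPLE_WORM), ("clean", SAMPLE_CLEAN)):
        print(label, triage(raw))
```

A subject match alone is weak evidence, since "Surprise!" is a common subject; a message that matches both the subject and a payload link is the one to quarantine.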
Labels: hacking
Guess what came through the mail today? My Fonera Router! I managed to get only ONE for now... (note: must source more for Mr AW).
For those who are wondering, Fonera-what? It is a wifi router. But it is not an ordinary wifi router... it has been used for EVIL! This router uses an Atheros chip, and we all know that Atheros chipsets are widely supported in wireless hacking (aircrack-ng). So there is a guide on the web that teaches how to transform your Fonera router into a hacking router. It won't be easy, but it will be lots of fun!
For now, I will tempt you all with a few pictures that I took today ....

Tada! Opening ceremony! You can see that the inner box is in good shape, thanks to the nice packaging they did...

What's inside? CD, Stickers, Fonera, cables and power adapter (240v!)

And this is how small the router is! Compare it to a normal household blade...
I think by now the Cain and Abel makers (oxid) are on to us. Their downloading mechanism looks like it has improved. Last time we could download direct from the link. Guess they have some kind of link protector.
But fret not. This posting is not to rant about the download mechanism found on Cain and Abel, but about Cain and Abel + wireless sniffing.
We all know Cain and Abel works wonders on wired LANs. The question is, what about the ever-popular wireless? (aka "wifi"). This idea came up while chatting with a particular someone after work (name? We will call him Mr AW, for now... :) ).
We were contemplating the idea of ARP spoofing on wireless. Stealing passwords across a wireless network (how cool is that?). So, we did some testing and here are the results.
CAIN AND ABEL WIRELESS SNIFFING
- software used: Cain & Abel 4.9.14 (used the WinPcap that was bundled with the software)
- wireless card : Linksys WUSB54g and Buffalo WLI-CB-G54HP
- result: Sniffing on wireless network (unencrypted, WEP, WPA) = SUCCESS!
Further investigation shows a link for the wireless cards reported as working (good news for Intel 3945, you guys are supported!) --> Click here to visit the link
Will try on my other wireless cards (Netgear WG511t, Ubiquiti SRC 300mW)
Labels: hacking
And for this month, it's a combo! Programming and Security! For those Silverlight, widget or wireless nuts, don't miss this opportunity.
Another case study. Today we will be looking at devices that you plug into your computer: MP3 players, USB toys, digital frames.
There is W32.Rajump, which deposits the same piece of malware that infected some of Apple's video iPods during manufacturing in October 2006. It gathers Internet Protocol addresses and port numbers from infected PCs and ships them out, according to Symantec. One destination is registered to a service in China that allows people to conceal their own IP addresses.
Makes you kinda think twice when anyone gives you a USB-based present, eh?
Labels: history
Cain and Abel, which can be found over here -> Cain and Abel, is indeed a wonderful tool to have. It has many features that can be used to exploit a Windows-based PC.
The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms.
Cain and Abel can do wondrous things. From cracking passwords and deploying backdoor services to a remote computer, to sniffing passwords across the network (HTTPS included!), Cain and Abel can do it with ease...
We all know, and are led to believe, that HTTPS is the answer to the weakness found in the ol' HTTP (where passwords are sent in clear text). HTTPS tries to address the weakness by deploying a certificate, used to encrypt and decrypt the HTTP data transfer.
Cain and Abel manages to decrypt HTTPS traffic due to its ability to perform a Man-In-The-Middle attack (MiTM). This attack is quite well-known and has been much discussed by many. In a nutshell, just say that you are making a phone call to your girlfriend. The person that would have the ability to record and hear your conversation with your girlfriend would be your telco provider, wouldn't it? So that's how MiTM works. By placing himself between you and the webserver, the hacker can read and monitor your data transfer. Sounds scary, eh? What about online banking?
A lot of online banks use HTTPS to encrypt the password sent across the network, and many social networking websites like Friendster, MySpace and Facebook just use good ol' HTTP.
To learn more about the attack, you can view Brian Wilson's video on Cain and Abel, sniffing passwords across the network, over here. Now remember that in this kind of attack, you are flooding your switch to become a hub. And in HTTPS traffic capture, the end user will receive a pop-up, asking them to accept a certificate. If the end user doesn't accept the certificate, he/she can't view the webpage. So needless to say, the end user has to accept the certificate popup in order to view his online banking page.
In short, you can deploy new encryption algorithms on today's widely used protocols (HTTP, FTP, POP, SMTP). But if the protocol itself has problems, don't expect the new encryption to mask the weakness. It would still be there. So unless someone creates a new protocol to replace the HTTP TCP stack, your password can be sniffed....
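From the network side, ARP poison routing shows up as an IP address (typically the gateway's) suddenly answering from a different MAC, and as one MAC answering for several IPs. The following is an added example, not from the original post or from Cain and Abel: the log format, MAC addresses and the function name `detect_arp_poisoning` are constructed for illustration, and 192.168.1.1 is assumed to be the gateway.

```python
from collections import defaultdict

# Constructed observations: "time ip mac", one per ARP reply seen on the LAN.
# All MAC addresses are made up; 192.168.1.1 is assumed to be the gateway.
SAMPLE = """\
09:00:01 192.168.1.1  00:11:22:33:44:55
09:00:02 192.168.1.20 aa:bb:cc:00:00:20
09:00:03 192.168.1.66 de:ad:be:ef:00:66
09:05:10 192.168.1.1  DE:AD:BE:EF:00:66
09:05:10 192.168.1.20 de:ad:be:ef:00:66
09:05:40 192.168.1.1  00:11:22:33:44:55
"""

def detect_arp_poisoning(log, gateway="192.168.1.1"):
    """Return (alerts, suspects) for a log of ARP replies.

    alerts   - (time, kind, ip, old_mac, new_mac) whenever an IP moves to a new MAC
    suspects - {mac: [ips]} for every MAC that answered for more than one IP
    """
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        when, ip, mac = fields[0], fields[1], fields[2].lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            # A rebinding of the gateway is what puts a man in the middle of
            # all off-LAN traffic, so it is reported as its own alert kind.
            kind = "gateway-rebind" if ip == gateway else "rebind"
            alerts.append((when, kind, ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    suspects = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, suspects

if __name__ == "__main__":
    found, macs = detect_arp_poisoning(SAMPLE)
    for alert in found:
        print(*alert)
    print(macs)
```

A single "rebind" can be a harmless DHCP reassignment or a replaced network card; a gateway rebind combined with one MAC answering for several IPs is the pattern worth investigating.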
It's back! Held at the Matrade Exhibition & Convention Centre, KL on the 25th and 26th March 2008!
more info here
It reminded me of the time I spoke for them in the first Securasia Congress Event. I even demo-ed thumbdrive hacking there...
Labels: events
Case Study time! And this time we are looking at thumbdrives: boon or bane?
Let's learn from our mistakes, shall we?
Labels: history, thumbdrive
Autorun is nothing new for Windows-based PC users. When you plug in a thumbdrive or an external hard disk, a window will pop up, as shown below
- Stealing Windows CD key, wireless password, auto stored password (IE and Firefox)
- The breeding spot for virus like RavMonE.exe, Flash10.exe, scandal.exe, etc...
This can be easily done. Get yourself a working thumbdrive (preferably those with U3 technology) and head on down to here --> Gonzor SwitchBlade
The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc...
The breeding spot for virus like RavMonE.exe, Flash10.exe, scandal.exe, etc...
Now this is not new in the market. If you haven't read about or heard of these viruses, then either you are using Windows 95/98 or you are living in a cave. Many viruses run amok, spreading themselves on thumbdrives faster than you can say "Speedy Gonzales". While some are non-malicious, others are downright nasty, disabling some of the favorite tools used by admins (folder options, task manager and command prompt).
But don't fret, many tools on the web claim to cover or eradicate the viruses from your thumbdrive. Among them are
- Flash Disinfector by Subs (HIGHLY RECOMMENDED-cleans and prevent future attacks)
- Nokie's Flash Disinfector Batch File Update
- jaymyka.wen9.com virus remover - Removal Tool
- Jamesgo.dll Automatic Removal Tool
- Computer Shuts Down when you Open up CMD (Command Prompt)
- Say No to Drugs - iloveher.exe virus remover/removal instruction
- SmitFraudFix v2.305
Another good read is about disabling autorun via the registry and also removing the thumbdrives that have been inserted into your computer. Steve Riley's security blog mentioned this:
taken from http://blogs.technet.com/steriley/archive/2007/10/30/more-on-autorun.aspx
Last month, in my post "Autorun: good for you?" I described why I believe you should disable Autorun on all computers in your organization. I also explained how you can do this for XP and Vista computers.
Well, it turns out that Windows will override this setting if you insert a USB drive that your computer has already seen. I received an email from Susan Bradley that links to an article on Nick Brown's blog, "Memory stick worms." Nick mentions the MountPoints2 registry key, which keeps track of all USB drives your computer has ever seen. I'll admit, I didn't know this existed! I'm glad Nick wrote about it, though.
Nick also includes a little hack that effectively disables all files named "autorun.inf." Interesting, but something in me prefers to make Windows just plain forget about all the drives it's seen. So now I will amend my instructions. In addition to what I wrote earlier, you should also write a small script, and execute it through group policy, that deletes the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
When I searched for it in my registry, I also found a few others, so maybe you'd want something that would search through the registry and delete them all, although I don't know if such a tool exists -- I've never had a need to look for something like that.
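Before trusting a thumbdrive, it helps to see what its autorun.inf would actually launch. The parser below is an added example, not code from the original post or from any of the tools listed: the function names and both sample files are constructed, with RavMonE.exe borrowed from the file names mentioned above.

```python
import re
from pathlib import Path

EXEC_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs")
# Keys in the [autorun] section that cause a program to be started.
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")

def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that make Windows run something."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if LAUNCH_KEY.fullmatch(key.lower()):
                found.append((key.lower(), value))
    return found

def risky_targets(text):
    """Return the sorted, de-duplicated executables an autorun.inf would start."""
    targets = set()
    for _key, command in autorun_commands(text):
        m = re.match(r'"([^"]+)"|(\S+)', command)  # quoted path or first token
        if m:
            target = (m.group(1) or m.group(2)).lower()
            if target.endswith(EXEC_EXT):
                targets.add(target)
    return sorted(targets)

def audit_drive(root):
    """Check <root>/autorun.inf; return [] if the file is absent."""
    path = Path(root) / "autorun.inf"
    return risky_targets(path.read_text(errors="replace")) if path.is_file() else []

# Constructed autorun.inf contents; RavMonE.exe is a file name from the post.
SAMPLE_INFECTED = r"""[AutoRun]
; padding comment
open=RavMonE.exe
shell\open\Command="RavMonE.exe" /e
icon=folder.ico
"""
SAMPLE_BENIGN = "[autorun]\nlabel=Backup Drive\nicon=drive.ico\n"

if __name__ == "__main__":
    print(risky_targets(SAMPLE_INFECTED), risky_targets(SAMPLE_BENIGN))
```

When the drive is mounted on a case-sensitive file system, also check for `AUTORUN.INF` and other capitalisations, since `audit_drive` looks for the lowercase name only.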
Labels: hacking, thumbdrive
Welcome to the first post on security [in] mind. Why was this blog created? It is just a place to rant, discuss and expose the brain cells to the world of security. Why security? Cause it is fun!