Computer hacker Gary McKinnon has been refused permission to appeal to the UK Supreme Court against his extradition to the US.
The High Court ruled the case was not of "general public importance" to go to the UK's highest court.
Glasgow-born Mr McKinnon, 43, of Wood Green, London, is accused of breaking into the US's military computer system. Mr McKinnon, who has Asperger's syndrome, insists he was just seeking evidence of UFOs.
Janis Sharp told BBC Radio 5 live that the ordeal had "broken" her son.
(http://news.bbc.co.uk/2/hi/uk/8298924.stm)
McKinnon's craziness manifested itself in obsessive hacking. With a joint in the ashtray and a can of Foster's next to the mousepad, he hacked Nasa, the Pentagon, and every US military installation he could get into. It was, he says, incredibly easy. He wrote a script that searched for network administrators who'd been too lazy to change their user names from "user name" and their passwords from "password". And when he found one he was in.
His testimony offers a compelling argument against conspiracy theories. He spent between five and seven years roaming the corridors of power like the Invisible Man, wandering into Pentagon offices, rifling through files, and he found no particular smoking gun about anything. He unearthed nothing to suggest a US involvement in 9/11, nothing to suggest a UFO cover-up. Nothing, he told me, except two things.
"I found a list of officers' names," he said during our first meeting in 2003, "under the heading "Non-Terrestrial Officers". I looked it up and it's nowhere. I don't think it means little green men. What I think it means is not Earth-based. What I saw made me believe that they have some kind of spaceship, off planet."
"Some kind of other Mir that nobody knows about?" I asked.
"I guess so," said McKinnon. "But I was smoking a lot of dope at the time. Not good for the intellect."
(http://www.guardian.co.uk/world/2009/aug/01/gary-mckinnon-extradition-nightmare)
OK. So should the British Government extradite this man? I think so. He has been caught for breaking into multiple U.S. Government sites and the kicker is that he has admitted it! He claims to be searching for information on UFOs, but does it really matter? Either way he compromised a government system and he needs to be tried for it and sentenced.
"For the past seven years, in bedsits in Crouch End and Bounds Green, north London, the Pentagon hacker and UFO buff Gary McKinnon has – according to his family and friends – been suffering one long anxiety attack. He's prone to regular fits of fainting and thoughts of suicide. He's written that he can't look himself in his eyes when he's shaving in case the sight of himself sets the spiral off. He jumps out of his skin if someone touches him by surprise. I've met him sporadically during these years and can vouch that he's a chainsmoking, terrified shell.
"I'm walking down the road and I find I can't control my own legs," he has told me. "And I'm sitting up all night thinking about jail. About male rape. An American jail. I'm only a little nerd … My life is like walking through a world you know is probably going to end."
Is this guy fit to stand trial? Most likely not. He seems like he's a bit out there. I think one major issue with this guy is that he didn't/doesn't realize the consequences of his actions. Did he really think that if he hacked into anything, and was caught, that nothing would happen to him? He says, "...And I'm sitting up all night thinking about jail. About male rape. An American jail. I'm only a little nerd …" OK, well yes, shit happens in jail that isn't good, but really, you should have thought about that before you started doing illegal stuff. The news claims that he was one of the first to start messing around on the Internet and that he was testing its boundaries. If that's the case, he should have stopped hacking after Mitnick was arrested and tried. In the end, I hope that he is extradited and that he stands trial. He deserves to go to jail, even if it is for a short term.
Sunday, October 11, 2009
The Internet Storm Center
http://www.dshield.org/indexd.html
I was looking at the dshield website today and found this interesting diary entry from yesterday.
"The Internet Storm Center is focusing on IP ports for the month of October. I am going to continue the theme, but with a bit of a twist. I am going to talk about a few of the ports that are usually not desirable to appear in a traffic analysis. There are many more than I could list, the majority associated with malware. But not all of them.
Here we go:
1214 - Limewire/Kazaa (A Peer-to-Peer application. Not by definition malware, but not something desirable in an enterprise)
2773 - SubSeven (Trojan)
5631 - pcAnywhere (A commercial remote control application)
1863 - Numerous Microsoft applications
I want to emphasize that these listed are not necessarily bad.
The point here is awareness. Knowledge, and management, of the ports required and permitted in the enterprise, and at home, will lead to an overall improvement of the security posture of a network. This is where syslogs, traffic analysis, and documentation will tie everything together." (tony d0t carothers @ isc d0t sans d0t org)
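One way to put the diary's port list to work, as an added example that is not part of the ISC entry or of this blog: it parses iptables-style firewall log lines, flags the ports listed above, and reports any outbound port that is not on a site allowlist. The log lines, the allowlist and the watchlist annotations are constructed for the example.

```python
"""Port-awareness check over firewall log lines (constructed example).
Flags the ports from the ISC diary and any egress port outside a
hypothetical per-site allowlist; nothing here is from the ISC itself."""
import re
from collections import defaultdict

# Ports from the diary entry, with the reason each one deserves a look.
WATCHLIST = {
    1214: ("Limewire/Kazaa peer-to-peer", "policy"),
    2773: ("SubSeven trojan", "malware"),
    5631: ("pcAnywhere remote control", "policy"),
    1863: ("Numerous Microsoft applications", "info"),
}

# Ports this (hypothetical) site has documented as required; anything else
# leaving the LAN is worth a question, which is the diary's point.
ALLOWED_EGRESS = {53, 80, 123, 443}

# iptables LOG-style lines, constructed for the example.
SAMPLE_LOG = """\
Oct 11 10:02:13 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=40211 DPT=443
Oct 11 10:02:19 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=40212 DPT=1214
Oct 11 10:03:01 gw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.7 PROTO=TCP SPT=51000 DPT=2773
Oct 11 10:03:40 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.20 PROTO=TCP SPT=40300 DPT=1863
Oct 11 10:04:02 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=UDP SPT=40400 DPT=53
Oct 11 10:05:17 gw kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.7 PROTO=TCP SPT=51001 DPT=5631
"""

LINE_RE = re.compile(
    r"(?P<chain>FW-(?:IN|OUT)) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse(log_text):
    """Return one dict per parsable line; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dpt"] = int(ev["dpt"])
            events.append(ev)
    return events


def review(events):
    """Return (findings, unknown_egress).

    findings: list of (severity, internal host, port, why) for watchlisted ports.
    unknown_egress: internal host -> sorted outbound ports not in the allowlist.
    """
    findings = []
    unknown = defaultdict(set)
    for ev in events:
        port = ev["dpt"]
        # An inbound hit names the internal destination; outbound names the source.
        host = ev["dst"] if ev["chain"] == "FW-IN" else ev["src"]
        if port in WATCHLIST:
            why, severity = WATCHLIST[port]
            findings.append((severity, host, port, why))
        if ev["chain"] == "FW-OUT" and port not in ALLOWED_EGRESS:
            unknown[ev["src"]].add(port)
    return findings, {h: sorted(p) for h, p in unknown.items()}
```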
Also, to help promote Internet security and awareness, I'm going to start posting the Internet Security Threat Level and 'On-Duty' Handler for the Internet Storm Center (ISC). If you get time, check out their site at http://www.dshield.org/. This site has a lot of interesting information including the amount of malware that is being distributed and reported. Check out the image below:

Adobe Zero Day Flaw
"Adobe has alerted users to a zero day flaw in its PDF and Reader formats and has said it is already being exploited by malware writers.
The company has issued an alert and said it will release a patch for the flaw on Tuesday. In the meantime users are advised to disable JavaScript, although Adobe warned this may not be a complete solution."
“Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.”
So, it should be common sense to keep your antivirus up to date, but it is surprising how often I talk with people who say that they don't. As an IT guy, I really can't stress how important it is to keep your Antivirus current. In a later post I will be describing the differences between an Antivirus suite and an Internet Security Suite. Most people believe that they are perfectly protected and safe with just Antivirus. However, they really need to understand the added benefits of a firewall. Well, like I said, that will come later.
As for this flaw, I'm glad that Adobe is aware of it and making its users aware. "Security through Obscurity is Never the Answer." This is a very important thing for companies to realize. Obscuring security flaws leads to a false sense of security for the company and for the end users.
Yay Microsoft! Oh wait....
More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net, which claimed that they were posted by an anonymous user on pastebin.com last Thursday.
Well, that just isn't good! I know that just about every company is going to have some type of security breach during its operations, but it really isn't good for Microsoft to have something like this happen to them. Already, they have bad PR due to their last OS and with the release of Windows 7 around the bend, it just plain ol' doesn't look good. Hopefully they can get the issue sorted out and catch the guy who leaked the info/hacked the live accounts.
http://www.reuters.com/article/sarahPalin/idUS33422544820091005
Saturday, October 10, 2009
Solitaire as a Key Generator
Here is a link to a great website dealing with security and technology: http://www.schneier.com/.
On Bruce Schneier's site, he has a very interesting encryption algorithm simply called 'Solitaire', and it is what it sounds like. The algorithm uses a deck of cards and the game solitaire to create an encryption cipher that can be used to encrypt/decrypt a message. For those of you who have read the book 'Cryptonomicon', by Neal Stephenson, this is the cryptosystem used by Enoch Root and Randy Waterhouse. Check this out:
"Solitaire gets its security from the inherent randomness in a shuffled deck of cards. By manipulating this deck, a communicant can create a string of "random" letters that he then combines with his message. Of course Solitaire can be simulated on a computer, but it is designed to be implemented by hand. Solitaire may be low-tech, but its security is intended to be high-tech. I designed Solitaire to be secure even against the most well-funded military adversaries with the biggest computers and the smartest cryptanalysts. Of course, there is no guarantee that someone won't find a clever attack against Solitaire (watch this space for updates), but the algorithm is certainly better than any other pencil-and-paper cipher I've ever seen. It's not fast, though. It can take an evening to encrypt or decrypt a reasonably long message. In David Kahn's book Kahn on Codes, he describes a real pencil-and-paper cipher used by a Soviet spy. Both the Soviet algorithm and Solitaire take about the same amount of time to encrypt a message: most of an evening.
Encrypting with Solitaire is an output-feedback mode stream cipher. Sometimes this is called key-generator (KG in U.S. military speak). The basic idea is that Solitaire generates a stream, often called a "keystream," of numbers between 1 and 26. To encrypt, generate the same number of keystream letters as plaintext letters. Then add them modulo 26 to plaintext letters, one at a time, to create the ciphertext. To decrypt, generate the same keystream and subtract, modulo 26 from the ciphertext to recover the plaintext."
It's a very interesting algorithm, and Schneier goes through very easy-to-understand steps. A few practice runs and you'll be good to go!! Remember, it takes time to get it set up and executed, but it offers a great thrill once you've completed one successfully! For all of you out there who are programming nuts, he offers a multitude of premade scripts that you can use to turn this into a program. http://www.schneier.com/solitaire.html
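The keystream generator and the modulo-26 combination described in the quote, as an added Python implementation that is not the post's own code nor one of Schneier's scripts. The passphrase keying (one round plus a count cut per letter) and the X padding follow his description; the numeric deck encoding is this example's own choice.

```python
# Schneier's Solitaire keystream generator and modulo-26 combination,
# written as an added example (not the post's or Schneier's own code).
# Deck encoding assumed here: 1..52 are the cards (clubs, diamonds, hearts,
# spades, ace through king), 53 is joker A and 54 is joker B.
JOKER_A, JOKER_B = 53, 54

def card_value(card):
    """Counting value of a card; both jokers count as 53."""
    return 53 if card in (JOKER_A, JOKER_B) else card

def move_joker(deck, joker, steps):
    """Move a joker down `steps` places; past the bottom it wraps to just
    below the top card (the deck is circular with the top card fixed)."""
    pos = deck.index(joker)
    deck.pop(pos)
    new_pos = pos + steps
    if new_pos > len(deck):            # len(deck) is 53 while the joker is out
        new_pos -= len(deck)
    deck.insert(new_pos, joker)

def count_cut(deck, n):
    """Move the top n cards to just above the bottom card."""
    deck[:] = deck[n:-1] + deck[:n] + [deck[-1]]

def solitaire_round(deck):
    """Steps 1-4: move joker A by 1, joker B by 2, triple cut, count cut."""
    move_joker(deck, JOKER_A, 1)
    move_joker(deck, JOKER_B, 2)
    i, j = sorted((deck.index(JOKER_A), deck.index(JOKER_B)))
    deck[:] = deck[j + 1:] + deck[i:j + 1] + deck[:i]    # triple cut
    count_cut(deck, card_value(deck[-1]))

def keyed_deck(passphrase=""):
    """Key the sorted deck: one round plus a count cut by each letter (A=1)."""
    deck = list(range(1, 55))
    for ch in passphrase.upper():
        if ch.isalpha():
            solitaire_round(deck)
            count_cut(deck, ord(ch) - ord("A") + 1)
    return deck

def keystream(deck, n):
    """Step 5 repeated: n keystream values in 1..26; joker outputs are skipped."""
    out = []
    while len(out) < n:
        solitaire_round(deck)
        card = deck[card_value(deck[0])]   # count down by the top card's value
        if card not in (JOKER_A, JOKER_B):
            out.append((card - 1) % 26 + 1)  # 27..52 fold onto 1..26
    return out

def _letters(text):
    """Keep A-Z only and pad with X to a multiple of five, as Schneier does."""
    text = "".join(c for c in text.upper() if c.isalpha())
    return text + "X" * (-len(text) % 5)

def encrypt(plaintext, passphrase=""):
    msg = _letters(plaintext)
    ks = keystream(keyed_deck(passphrase), len(msg))
    return "".join(chr((ord(p) - 65 + k) % 26 + 65) for p, k in zip(msg, ks))

def decrypt(ciphertext, passphrase=""):
    msg = _letters(ciphertext)
    ks = keystream(keyed_deck(passphrase), len(msg))
    return "".join(chr((ord(c) - 65 - k) % 26 + 65) for c, k in zip(msg, ks))
```

With the unkeyed deck the first keystream values are 4 49 10 24 8 51 44 6 4 33 before folding, which is the check Schneier publishes for a freshly sorted deck.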
Have fun!
Bypassing the Antivirus Software
Hey all,
I'm learning a bit more about malware, and I came across a video by Chris Hurley, who is a pentester, and he shows how it's possible to alter a virus's signature using a hex editor. Hex editors can be downloaded for free, just google search 'hex editor download,' and find one that you like. This has been known for quite a long time, but I thought that I'd post it here for those of you, like me, who didn't know that you could do this. Go to http://www.uat.edu/tv/ and then find the 'Tech Forum Fall 2008' section and then Chris Hurley. I encourage you to watch the whole video, it isn't too long. Also, check out the other videos that they have on there. All of them are fairly interesting.
Enjoy!!
Thursday, October 8, 2009
Wow...So That's How it Works?!
As a disclaimer, I am not showing you this so that you can go and maliciously target a system. This is educational only... Now, with that out of the way:
In a post yesterday I said how I was writing a paper for my final. In the research process, I stumbled upon this nifty little video. The video walks through how to perform a Buffer Overflow attack on a target using Fast-track, which is a part of the BackTrack distro. Fast-track truly lives up to its name and statement of, "Where it's ok to finish in under 3 minutes..." As you can see by the video, the attacker is able to perform the buffer overflow attack on the target system and get a command prompt in 30 seconds. You know that he has obtained access to the target because he is running Linux and the starting prompt is ' root@... ' and when he successfully attacks the system his prompt changes to C:\windows. He is then able to run the 'whoami' command and gets the response of 'nt authority\system.'
The Power of Python
I've decided that I'm going to learn how to program. Now, I've started this process countless times before and always seem to get distracted or discouraged after a few days. Not this time though! I found some instructional videos on youtube that have made the learning process fun and fairly easy. Check out this site, http://www.youtube.com/watch?v=4Mf0h3HphEA, and give it a shot! The instructor is easy to understand, fun, and proceeds at just the right pace. This is very helpful if you are a visual learner, like me, and need some one there to actually show you how it's done. Bucky, the instructor, jumps right on into the programming with how and where to download the software from, and I believe that you even create your first program in the first tutorial. Python is nice because it's a lot more straight forward than java. The simplest java program is as follows:
class HelloWorldApp {
    public static void main(String[] args) {
        System.out.println("Hello World!"); // Display the string.
    }
}
Where as the simplest python program is:
print "Hello, World!"
You can simply type that in and press enter and you've created yourself a program. I've completed the first 20 lessons and I'm enjoying it thoroughly. Plus, the tutorials are between 2 and 10 minutes a piece, so you don't have to commit a ton of time to each one.
Use Your Mind
At University of Advancing Technology, they are going to be implementing a new piece of hardware. When I first read about this on the site page, I was highly doubtful it would actually work. The new technology uses 'brain-waves' to control a gaming universe. Go here http://www.neurosky.com/ and check it out. They offer a couple videos demonstrating their technology. One of their competitors, Emotiv, http://www.emotiv.com/, uses similar technology but on a wider scale and incorporating head tracking into their device. I haven't had an opportunity to purchase or use one of these yet, but believe me, as soon as I get the funds to buy one, I will.
This technology opens up endless possibilities for being incorporated into games, software, programming, etc. In one demo from Emotive, an individual uses the device to control an electric wheelchair. Emotive also claims that their device can be used in any game available today. An example would be using it in the Harry Potter games or The Elder scrolls IV: Oblivion, to cast spells or shoot an arrow, open doors, etc. If anyone has had an opportunity to try this out, please post your thoughts!
Wednesday, October 7, 2009
my school project
I'm currently enrolled at UAT for Computer Forensics, and I'm in the final week of my second course, Security Essentials. Our final project for the week was to write a paper on some topic dealing with security. I decided to do a brief overview of some of the tools hackers use to attack and maintain control of a system. When I'm done with the paper, I might just post it here, but for now, go check out www.remote-exploit.org. This site is home to the BackTrack Linux distro and it's filled with great security tools. For a list of tools, go here: https://wiki.remote-exploit.org/backtrack/wiki/Category. I've been using it at home a bit, just playing around and what not, and it's interesting what all you can do with this nice bootable DVD. The .ISO can be found on their site and I believe that they are up to BackTrack4 now. I use BT3 since at the time it was the latest stable image. Enjoy!