Mon, 29 September 2008
This week Anthony Gartner & Rob Fuller discuss the latest computer security news. Special guests are Vyrus and CP from the dc949.org group.
Discussions covered the following topics:
Rob brought up a Firefox add-on called Barrier
Spoke of how we can use Google Alerts in our daily tasks to track where our information is being sent.
Discussion ensued about Scroogle.org (not to be confused with scoogle.com), how you can do secure searching through the site, and that the site purges logs within 48 hours.
BlackBerry encryption keys may be in the hands of the Indian Government as part of the deal with RIM.
Fri, 19 September 2008
(Apologies in advance for the short term 'wiki' look of these show notes, the public wiki will be up soon!)
On this Episode of Securabit:
Chris Gerling - Hak5chris
Chris Mills - ChrisAM
Anthony Gartner - AnthonyGartner
Jason Mueller - SecuraBit_Jay
Guest Chris Wilson
Episode 10 - A milestone!
We are all still alive even though the CERN Particle Collider has been started up.
Linode with CentOS. However, no SELinux available
For CentOS help go to: #CentOS on irc.freenode.net
Tips for configuring the new server:
- Disable root login on ssh
- Good passwords
- Lock down ports
The Securabit guys started using the CentOS distribution because of its interconnections with Snort
See this site for details on how to configure Snort on CentOS
In non-security related news:
Steve Jobs Apple Special Event "Let's Rock"
Netbooks are everywhere: Even Commodore joins Netbook Crowd: http://news.cnet.com/8301-17938_105-10029963-1.html
milw0rm Chrome Exploit/Vulnerabilities:
http://www.milw0rm.com/exploits/6353
http://www.milw0rm.com/exploits/6355
http://www.milw0rm.com/exploits/6365
http://www.milw0rm.com/exploits/6367
http://www.milw0rm.com/exploits/6372
http://www.milw0rm.com/exploits/6386
Google Chrome and Germany: http://www.salon.com/wires/ap/scitech/2008/09/09/D9338OT80_germany_google_chrome/index.html
MS Mouse: http://www.maximumpc.com/tags/bluetrack
Schneier and portable device security: http://www.schneier.com/blog/archives/2008/07/open_source_lap.html
Latest happenings with Securabit
- Looking for a Team and mentoring atmosphere
- Coming soon: New Site/wiki/forums on the Linode VPS
Chris Mills: Employer Security Expo
Talked about Password Security and showed off Rainbow Tables/Ophcrack (http://ophcrack.sourceforge.net/) and Driftnet (http://ex-parrot.com/~chris/driftnet/)
Tue, 16 September 2008
Chris Wilson brings us some Snort goodness with this 37 minute tutorial on how to build a snort sensor from scratch using CentOS.
I hope this is of use to everyone, it is very very well done!
Wed, 10 September 2008
Last night we did a spontaneous hour long interview with the guys from HacDC, a Hackerspaces group.
Chris Gerling - Hak5Chris
Thu, 4 September 2008
On this episode of SecuraBit:
Multiboot Security DVD
Mubix posted an awesome link on his blog to a Multiboot Security DVD that lets you choose among common security distros, all on one medium!
GeeXBoX 1.1 (not geekbox)
Some distros the Securabit guys would like to see added:
RedHat/Fedora OpenSSH Compromises
As noted on the Securabit website, Fedora and Red Hat Enterprise Linux servers were compromised.
The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised
-Stolen SSH keys are used to gain access to the system
-After that, rootkit "phalanx2" is installed and steals more SSH keys
-Obviously this could be used to install any malware at all
After Break Banter
Best Western Pwned
Originally Discovered by The Sunday Herald. As many as 8 million accounts compromised
Vulnerability of BGP
This exploit of Border Gateway Protocol allows the attacker to monitor internet traffic and forward it to anywhere in the world. Five hours of traffic was forwarded to New York during Defcon 16. This vulnerability is going to be bigger than the Kaminsky DNS Vuln. Speaking of Dan, he loves Securabit!
From simple algorithms that insert info in the form of signal noise, to more powerful methods that exploit sophisticated signal processing techniques to hide information.
LSB coding (least significant bit): substitute with a binary msg
Phase coding:
- The original sound signal is broken up into smaller segments whose lengths equal the size of the message to be encoded.
- A Discrete Fourier Transform (DFT) is applied to each segment to create a matrix of the phases and Fourier transform magnitudes.
- Phase differences between adjacent segments are calculated.
- Phase shifts between consecutive segments are easily detected. In other words, the absolute phases of the segments can be changed but the relative phase differences between adjacent segments must be preserved. Therefore the secret message is only inserted in the phase vector of the first signal segment as follows:
Two versions of spread spectrum (SS) can be used in audio steganography: the direct-sequence and frequency-hopping schemes. In direct-sequence SS, the secret message is spread out by a constant called the chip rate and then modulated with a pseudorandom signal. It is then interleaved with the cover-signal. In frequency-hopping SS, the audio file's frequency spectrum is altered so that it hops rapidly between frequencies.
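LSB coding from the list above, as an added example that is not from the show: it embeds a message in the least significant bits of 16-bit PCM samples and reads it back the way an examiner would, showing that no sample moves by more than one step. The sine-tone cover, the 16-bit length header and all function names are assumptions made for the illustration.

```python
import math
import struct

def make_cover(n, rate=8000, freq=440.0):
    """Constructed cover signal: n samples of a 16-bit PCM sine tone."""
    return [int(12000 * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]

def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def from_bits(bits):
    """List of bits (MSB first) -> bytes; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def embed(samples, message):
    """Replace the LSB of successive samples with a length header plus message bits."""
    payload = to_bits(struct.pack(">H", len(message)) + message)
    if len(payload) > len(samples):
        raise ValueError("message too long for this cover signal")
    stego = list(samples)
    for i, bit in enumerate(payload):
        stego[i] = (stego[i] & ~1) | bit   # clear the LSB, then set it to the payload bit
    return stego

def extract(samples):
    """Read the 16-bit length header from the LSB plane, then that many bytes."""
    lsbs = [s & 1 for s in samples]
    (length,) = struct.unpack(">H", from_bits(lsbs[:16]))
    if 16 + 8 * length > len(lsbs):
        raise ValueError("length header exceeds capacity; probably no payload")
    return from_bits(lsbs[16:16 + 8 * length])

def max_distortion(cover, stego):
    """Largest per-sample change introduced by embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    cover = make_cover(400)
    stego = embed(cover, b"constructed test")
    print(extract(stego), "max sample change:", max_distortion(cover, stego))
```

Samples past the end of the payload are untouched, so comparing the LSB plane of a suspect file against a known-clean copy of the same recording shows exactly where embedding stopped.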
Security Justice stops by
Tom and Dave from Security Justice
-Search for pics of Mubix gets you this
Forensic recovery on SSD
- no physical security hooks that prevent them from being removed from enclosures
- ultraviolet laser to wipe out lock bits (encryption) from fuses on chips that secure SSDs
- overall easier to erase data on SSD (with encryption)
vs HDD Forensics:
- Harder to fully erase data (have to overwrite or physically damage)
- easier to fully encrypt
Jim Handy: a hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer, then reassemble it using data recovery software.
Scott A. Moulton presentations on data recovery and forensics.
IRC: #securabit on irc.freenode.net
Skype Number: (469) 277-2248