Social Engineering 101: Mitnick and other hackers show how it’s done

July 20, 2008 – 12:32 PM

Kevin Mitnick knows that the weakest link in any security system is the person holding the information.

As a young fugitive hacker, he went to jail for breaking into computer networks, relying more on his cunning and persuasion than on his tech skills. He was an early master of the science of social engineering — manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive information on networks.

Mitnick and a panel of other hackers discussed their social engineering pranks and gave live demonstrations at the Live HOPE (Hackers on Planet Earth) conference late on Saturday.

“Everything happened more than five years ago” and the statute of limitations has passed, he said. “I never said I didn’t deserve to be punished, but it really went overboard putting me in solitary confinement” for eight months.

Source:
http://news.cnet.com/8301-1009_3-9995253-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Cold Boot Encryption Attack – code release

July 19, 2008 – 3:40 PM

Jacob Appelbaum, one of the security researchers who worked on the paper describing the cold boot attack on encryption keys (featured in a previous BBtv episode), tells Boing Boing the code has just been released today at the [last] HOPE hacker con in NYC. It’s up, it’s signed, and here it is.

Memory Research Project Source Code [Princeton.edu]

Source:
http://www.boingboing.net/2008/07/19/cold-boot-encryption.html

Reversing malware with oSpy

July 18, 2008 – 6:55 PM

Today’s blog will be about a tool called oSpy, written by Andre Vadla Ravnas. oSpy is a tool which helps in reverse-engineering Windows software. To demonstrate the uses of this tool and how it helps with network traffic monitoring, I have used a random malware sample from our repository.

Source:
http://securitylabs.websense.com/content/Blogs/3135.aspx

Researcher Offers Malware Analysis Tool

July 18, 2008 – 5:23 PM

The problem with hunting for malware is that most currently available analysis tools tip off the attacker that you’re doing it. But at next month’s Black Hat conference, a researcher will release a tool that is harder to detect — and harder to avoid — than the malware analyzers currently on the market.

Paul Royal, principal researcher at botnet hunter Damballa Inc., will give a Black Hat presentation on Aug. 6 on a tool called Azure, which will be published as an open-source proof of concept, available for free to enterprises or vendors.

Azure is an external hardware tool that is based on Intel VT, a hardware-assisted means of virtualizing the PC. It allows the user to create the equivalent of an x86 processor-based machine that can be used to detect and analyze malware at the instruction level or at the Windows API level.

The Intel VT-based approach will be harder to detect and evade than currently available malware analysis approaches, Royal says. Today, most analyzers rely on a “sandbox” approach, in which a safe “copy” of the operating system is used for analysis. However, many malware authors now have methods for detecting these “in-guest” sandboxes and avoiding them, he observes.

Other malware analyzers, such as QEMU, emulate the x86 architecture outside the operating system, which makes them more difficult for hackers to detect. However, in order to operate, these tools generally require full-system emulation, and the emulated systems don’t run quite the same way that “live” PCs do. Increasingly, attackers are able to detect the behavior of emulated systems and set their malware to exit before it’s captured by the analyzer.

Source:
http://www.darkreading.com/document.asp?doc_id=159470

YAMSIA (Yet Another Massive SQL Injection Attack)

July 18, 2008 – 6:48 AM

Clever mnemonics aside, last week we saw another large-scale SQL injection attack (or YAMSIA, if you prefer), this time orchestrated by a botnet that has become known as Asprox — but first, a history lesson.

The code behind the Asprox botnet seems to have been around for quite some time now, but it was only in the last year that it was upgraded to a botnet whose main focus is to send phishing emails. This changed in late May / early June of this year, when the bots were issued a new set of commands: namely, to start searching the Web for certain .ASP pages and then launch an SQL injection attack against these pages (hmm … I wonder where they got that idea from).

Source:
http://blog.trendmicro.com/yamsia-yet-another-massive-sql-injection-attack/