Free public WiFi

May 12, 2008 – 6:07 AM

I recently found myself in an airport terminal with a laptop and time to kill. Not knowing what the WiFi options were, I let Windows XP search for available wireless networks. As you can see below, one of the networks was called “Free Public WiFi”. If this happens to you, don’t connect to a network like this.

The first two networks are each labeled “Unsecured wireless network”. Fine. But the Free Public WiFi network is described by Windows as an “Unsecured computer-to-computer network”. As the name implies, this network connects to a computer run by a total stranger somewhere nearby in the terminal.

Normally wireless networks are created, run and governed by a router. But, two WiFi-enabled computers can talk directly to each other without the need for a router-based network. Another term for this type of network is “ad-hoc”. Personally, I’ve never needed or used an ad-hoc computer-to-computer network.

How unusual are computer-to-computer networks? I live in Manhattan, surrounded by large apartment buildings. At home, my laptop picks up 28 wireless networks. Not one of them is a computer-to-computer network.

Why would someone set up a computer-to-computer network in an airport terminal? Most likely, it is good for them and bad for you. For one thing, the network name seems a bit too obvious. Who, in an airport terminal, doesn’t want free public WiFi? It’s like asking a child if they want candy.

I always configure laptops to only connect to router-based networks and suggest you do so too. Windows XP has a configuration option, shown below, that controls the type of networks it talks to.

Read the rest of the story…

Metagoofil 1.4 Released – Metadata and Information Gathering Tool

May 12, 2008 – 5:59 AM

Metagoofil is an information gathering tool designed for extracting metadata from public documents (pdf, doc, xls, ppt, odp, ods) available on the target/victim website.

It will generate an HTML page with the results of the metadata extracted, plus a list of potential usernames, very useful for preparing a brute-force attack on open services like FTP, POP3, web applications, VPN and so on. It will also extract a list of paths disclosed in the metadata; with this information you can guess the OS, network names, shared resources, etc.

This new version extracts MAC addresses from Microsoft Office documents. Now you can have an idea of what kind of hardware they are using.

All this information should not be available on the net, but most companies don’t have policies about information leakage… and most of them don’t know this information exists. So you can show them what information an attacker can obtain with this simple technique.
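The leaks the release note describes (author names that double as usernames, file-system paths that reveal the OS and folder layout, the producing software) are easy to check for before a document is published. The following is an added example, not Metagoofil’s own code: a small Node.js audit of a PDF’s Info dictionary. It assumes the metadata is stored as plain literal strings in the Info dictionary (XMP metadata and compressed object streams are not handled), and the sample PDF at the bottom is constructed for the demonstration.

```javascript
// Added example (not Metagoofil's code): audit a PDF before publishing it for the
// metadata leaks described above. Only the PDF Info dictionary is inspected;
// XMP metadata and compressed object streams are out of scope here.

const INFO_KEYS = ['Title', 'Subject', 'Author', 'Creator', 'Producer'];

// Pull "/Key (literal string)" entries out of the document text.
function extractPdfInfo(pdfBytes) {
  const text = pdfBytes.toString('latin1');
  const info = {};
  for (const key of INFO_KEYS) {
    // A PDF literal string runs from "(" to the first unescaped ")".
    const re = new RegExp('/' + key + '\\s*\\(((?:\\\\.|[^\\\\)])*)\\)');
    const m = re.exec(text);
    if (m) info[key] = m[1].replace(/\\([()\\])/g, '$1'); // undo \( \) \\ escapes
  }
  return info;
}

// File-system paths hiding in metadata values (Windows drive/UNC paths, Unix home dirs).
function findPaths(info) {
  const paths = [];
  for (const value of Object.values(info)) {
    const m = value.match(/(?:[A-Za-z]:\\|\\\\)[^\n]*|\/(?:home|Users)\/\S*/);
    if (m) paths.push(m[0]);
  }
  return paths;
}

// Username candidates: the Author field (as first.last) and the user segment of any
// profile path. This is the list an attacker would feed to a brute-force tool, so it
// is the list you want to see before the file goes online.
function usernameCandidates(info, paths) {
  const names = new Set();
  if (info.Author) names.add(info.Author.trim().toLowerCase().replace(/\s+/g, '.'));
  for (const p of paths) {
    const segs = p.split(/[\\/]+/);
    const i = segs.findIndex((s) => /^(Users|Documents and Settings|home)$/i.test(s));
    if (i >= 0 && segs[i + 1]) names.add(segs[i + 1].toLowerCase());
  }
  return [...names];
}

// What the path shapes say about the operating system that produced the file.
function osHints(paths) {
  const hints = new Set();
  for (const p of paths) {
    if (/^[A-Za-z]:\\|^\\\\/.test(p)) hints.add('Windows');
    if (/^\/Users\//.test(p)) hints.add('macOS');
    if (/^\/home\//.test(p)) hints.add('Linux/Unix');
  }
  return [...hints];
}

function auditPdf(pdfBytes) {
  const info = extractPdfInfo(pdfBytes);
  const paths = findPaths(info);
  return { info, paths, usernames: usernameCandidates(info, paths), os: osHints(paths) };
}

// Constructed sample: a minimal PDF skeleton with the kind of Info dictionary an office
// suite's PDF export writes. It is not renderable, but the scan only needs the text.
const SAMPLE_PDF = Buffer.from(
  '%PDF-1.4\n' +
  '1 0 obj << /Type /Catalog >> endobj\n' +
  '2 0 obj << /Title (C:\\\\Documents and Settings\\\\jdoe\\\\Desktop\\\\q2-budget.doc)\n' +
  '  /Author (John Doe) /Creator (Acrobat PDFMaker 8.1 for Word)\n' +
  '  /Producer (Acrobat Distiller 8.1.0 \\(Windows\\)) >> endobj\n' +
  'trailer << /Info 2 0 R >>\n%%EOF\n',
  'latin1'
);

console.log(JSON.stringify(auditPdf(SAMPLE_PDF), null, 2));
```

Run against the sample, the audit reports the path, the two username candidates (`john.doe` from the Author field, `jdoe` from the profile folder) and a Windows OS hint, which is exactly the material the post says a scanner of public documents would collect.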

You can download Metagoofil v1.4 here:

MetaGooFil 1.4 (tar) (20/04/2008)

Or read more here.

Source: Darknet

New type of rootkit hidden in hardware

May 12, 2008 – 5:54 AM

Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer’s chip, undetected by today’s anti-virus products.

Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what’s happening in a computer’s memory.

The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information from a victim’s computer. It was built by Shawn Embleton and Sherri Sparks, from security company Clear Hat Consulting.

The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.

The rootkits used by cyber crooks today are programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.

In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD’s chip-level virtualisation technology to hide itself. She said the technology could eventually be used to create “100 percent undetectable malware.”

“Rootkits are going more and more toward the hardware,” said Sparks, who wrote another rootkit three years ago called Shadow Walker. “The deeper into the system you go, the more power you have and the harder it is to detect you.”

Read the rest of the story…

Mass File Injection Attack

May 11, 2008 – 4:06 PM

We received a report from Mike this afternoon about a couple of URLs containing a malicious JavaScript that pulls down a file associated with Zlob. If you do a Google search for these two URLs, you get about 400,000 sites that have a call to this JavaScript file included in them now. The major portion of the sites seem to be running phpBB forum software.

If you have a proxy server that logs outbound web traffic at your site, you might want to look for connection attempts to these two sites. Internal clients that have connected may need some cleanup work. Another preventive step would be to blacklist these two URLs.

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js
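The two checks the diary recommends (find internal clients that fetched the script, and find pages that carry the injected call) can be scripted. What follows is an added example and not part of the SANS diary: Node.js code that scans Squid-style proxy log lines for requests to the two hostnames above and scans an HTML page for `<script src>` tags pointing at them. The log format, the log lines and the sample page are constructed for the demonstration; the hostnames are the ones from the diary.

```javascript
// Added example, not from the SANS diary: two checks for the injection described above.
// BLOCKED_HOSTS holds the two hostnames from the post; the proxy log lines and the
// HTML page below are constructed samples.

const BLOCKED_HOSTS = ['free.hostpinoy.info', 'xprmn4u.info'];

// Squid-style access.log: "timestamp elapsed client action/code bytes method url ...".
// Returns a Map of internal client -> URLs requested from a blocked host; those are
// the clients that may need cleanup.
function clientsContactingBlockedHosts(logText) {
  const hits = new Map();
  for (const line of logText.split('\n')) {
    const fields = line.trim().split(/\s+/);
    if (fields.length < 7) continue;
    const client = fields[2];
    const url = fields[6];
    let host;
    try { host = new URL(url).hostname; } catch (e) { continue; } // e.g. "-" or CONNECT host:port
    if (BLOCKED_HOSTS.includes(host)) {
      if (!hits.has(client)) hits.set(client, []);
      hits.get(client).push(url);
    }
  }
  return hits;
}

// Scan a page served by (or fetched from) your own site for <script src=...> tags that
// point at a blocked host, which is how the compromised forum pages pull in f.js.
function findInjectedScripts(html) {
  const found = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      // Relative src values resolve against a placeholder origin and so never match.
      const host = new URL(m[1], 'http://localhost/').hostname;
      if (BLOCKED_HOSTS.includes(host)) found.push(m[1]);
    } catch (e) { /* unparsable src: ignore */ }
  }
  return found;
}

// Constructed sample log (RFC 5737 documentation addresses for the remote side).
const SAMPLE_LOG = [
  '1210521600.123  312 10.1.4.22 TCP_MISS/200 2310 GET http://forum.example.com/viewtopic.php?t=12 - DIRECT/203.0.113.7 text/html',
  '1210521600.456   98 10.1.4.22 TCP_MISS/200 1873 GET http://xprmn4u.info/f.js - DIRECT/198.51.100.9 application/x-javascript',
  '1210521601.001   45 10.1.7.90 TCP_HIT/200 4120 GET http://www.example.org/ - NONE/- text/html',
  '1210521602.777  120 10.1.9.5 TCP_MISS/200 1873 GET http://free.hostpinoy.info/f.js - DIRECT/198.51.100.9 application/x-javascript',
].join('\n');

// Constructed sample page: one injected tag beside the forum's own script.
const SAMPLE_HTML =
  '<html><head><title>phpBB forum</title>' +
  '<script type="text/javascript" src="http://xprmn4u.info/f.js"></script>' +
  '<script src="/templates/subSilver/forum_fn.js"></script></head><body></body></html>';

console.log(clientsContactingBlockedHosts(SAMPLE_LOG));
console.log(findInjectedScripts(SAMPLE_HTML));
```

Matching is done on the hostname rather than the full URL, so a renamed script on the same host is still caught; the forum’s own relative script reference is not flagged.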

Source: SANS

Reading EXIF data with Javascript

May 11, 2008 – 8:49 AM

Inspired by a comment on Ajaxian, I killed another afternoon or two making a small library capable of reading EXIF data from JPEG images, figuring I would at least learn a bit about EXIF and the JPEG (and TIFF) image formats.

Before we start, a small disclaimer. I’m somewhat of a dork when it comes to cameras and photography and my digital camera always laughs at me after I take a picture. So I won’t go into details about the actual data, since I don’t even know what half of these EXIF tags mean.

So, there are two parts to the problem. The first step is to get access to the raw binary data of the JPEG. Now, while it’s easy to get to the pixel data using canvas, we don’t get any of the data around the actual image, and that’s where the interesting parts are hidden. A while back, when I first started nerding around with the idea of reading data from images (for the PNG compression and other things), I also toyed with the idea of just reading binary files raw and found that other people had already done good work on this.

As it turns out, we can easily get access to binary data using simple Ajax techniques; we just need to write a few methods for reading bytes, integers and strings at given offsets. Binary data is readily available through the responseText property in both Firefox and Safari, it seems, but both IE and Opera pretty much destroy the data. Luckily, IE provides another property on its XHR object, “responseBody”, which holds the binary data, but unfortunately our access to this data is also rather limited in JavaScript. A quick fix is given to us by VBScript. I shame myself and make a simple VBS function to call from our getByteAt function when using IE, and now we’ve got binary access covered in all but Opera. If anyone knows of a way to access the data in Opera, please leave a comment.

The second step involves a lot of reading. If you’re interested, read the EXIF and TIFF specs yourself. EXIF data is basically a small TIFF file embedded within the JPEG file. Anyway, the rest is simply seeking out the relevant data portions and reading them into a JavaScript structure (see exif.js).
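The second step is the part worth seeing in code: walk the JPEG segments to the APP1 segment that carries the “Exif” header, then treat its payload as the small TIFF file the post describes (byte-order mark, IFD entries of tag/type/count/value, values stored inline when they fit in four bytes and at an offset otherwise). The following is an added example and not the exif.js library from the post. It reads from a Node.js Buffer instead of the XHR/VBScript tricks described above, so the browser binary-access problem does not arise, and it covers the point the post leaves implicit: every offset in the structure comes from the file, so a parser of untrusted images must bounds-check each read. The sample JPEG is constructed by the builder at the bottom.

```javascript
// Added example (not the exif.js library from the post): read EXIF tags from a JPEG
// held in a Node.js Buffer. The JPEG container is walked to the APP1/Exif segment, then
// the embedded TIFF structure is parsed. Every offset comes from the file itself, so each
// read is bounds-checked; a truncated or malformed file throws instead of reading garbage.

const TYPE_SIZE = { 1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8 }; // TIFF field types
const TAG_NAMES = {
  0x010f: 'Make', 0x0110: 'Model', 0x0112: 'Orientation', 0x0132: 'DateTime',
  0x8769: 'ExifIFDPointer', 0x8825: 'GPSInfoIFDPointer', 0x9003: 'DateTimeOriginal',
};

// Walk JPEG segments until the APP1 segment carrying "Exif\0\0"; parse its TIFF payload.
function readExif(jpeg) {
  if (jpeg.length < 4 || jpeg.readUInt16BE(0) !== 0xffd8) throw new Error('not a JPEG');
  let off = 2;
  while (off + 4 <= jpeg.length) {
    if (jpeg[off] !== 0xff) throw new Error('marker expected at offset ' + off);
    const marker = jpeg[off + 1];
    if (marker === 0xd9 || marker === 0xda) break;   // EOI or start of scan: no more headers
    const len = jpeg.readUInt16BE(off + 2);          // segment length, includes these 2 bytes
    if (marker === 0xe1 && jpeg.toString('ascii', off + 4, off + 10) === 'Exif\0\0') {
      return parseTiff(jpeg.subarray(off + 10, off + 2 + len));
    }
    off += 2 + len;
  }
  return null; // no EXIF segment
}

// Parse the TIFF header, IFD0 and (if present) the Exif sub-IFD into a tag map.
function parseTiff(tiff) {
  const order = tiff.toString('ascii', 0, 2);
  if (order !== 'II' && order !== 'MM') throw new Error('bad TIFF byte order');
  const le = order === 'II';
  const check = (o, n) => { if (o < 0 || o + n > tiff.length) throw new Error('offset out of range: ' + o); };
  const u16 = (o) => { check(o, 2); return le ? tiff.readUInt16LE(o) : tiff.readUInt16BE(o); };
  const u32 = (o) => { check(o, 4); return le ? tiff.readUInt32LE(o) : tiff.readUInt32BE(o); };
  if (u16(2) !== 42) throw new Error('bad TIFF magic');

  function readIfd(start, into) {
    const count = u16(start);
    for (let i = 0; i < count; i++) {
      const entry = start + 2 + i * 12;
      const tag = u16(entry), type = u16(entry + 2), n = u32(entry + 4);
      const size = TYPE_SIZE[type];
      if (!size) continue;                                   // unknown field type: skip it
      const byteLen = size * n;
      const data = byteLen <= 4 ? entry + 8 : u32(entry + 8); // small values are stored inline
      check(data, byteLen);
      const name = TAG_NAMES[tag] || '0x' + tag.toString(16);
      if (type === 2) into[name] = tiff.toString('ascii', data, data + n).replace(/\0+$/, '');
      else if (type === 3) into[name] = n === 1 ? u16(data) : Array.from({ length: n }, (_, k) => u16(data + 2 * k));
      else if (type === 4) into[name] = n === 1 ? u32(data) : Array.from({ length: n }, (_, k) => u32(data + 4 * k));
      else into[name] = tiff.subarray(data, data + byteLen);  // rationals etc.: raw bytes
    }
    return u32(start + 2 + count * 12); // offset of IFD1, or 0
  }

  const tags = {};
  readIfd(u32(4), tags);
  if (typeof tags.ExifIFDPointer === 'number') readIfd(tags.ExifIFDPointer, tags);
  return tags;
}

// Constructed sample: a JPEG that holds only SOI, an APP1/Exif segment and EOI.
// The TIFF part is little-endian with three IFD0 entries (Make, Model, Orientation).
function buildSampleJpeg() {
  const make = Buffer.from('Canon\0', 'ascii');
  const model = Buffer.from('Canon PowerShot S3 IS\0', 'ascii');
  const header = Buffer.alloc(8);
  header.write('II', 0, 'ascii'); header.writeUInt16LE(42, 2); header.writeUInt32LE(8, 4);
  const ifd = Buffer.alloc(2 + 3 * 12 + 4);   // entry count, 3 entries, next-IFD offset (0)
  ifd.writeUInt16LE(3, 0);
  const dataStart = 8 + ifd.length;           // string values follow the IFD
  const entry = (idx, tag, type, count, writeValue) => {
    const e = 2 + idx * 12;
    ifd.writeUInt16LE(tag, e); ifd.writeUInt16LE(type, e + 2); ifd.writeUInt32LE(count, e + 4);
    writeValue(e + 8);
  };
  entry(0, 0x010f, 2, make.length, (o) => ifd.writeUInt32LE(dataStart, o));
  entry(1, 0x0110, 2, model.length, (o) => ifd.writeUInt32LE(dataStart + make.length, o));
  entry(2, 0x0112, 3, 1, (o) => ifd.writeUInt16LE(1, o)); // orientation 1 fits inline
  const tiff = Buffer.concat([header, ifd, make, model]);
  const app1 = Buffer.concat([Buffer.from('Exif\0\0', 'ascii'), tiff]);
  const len = Buffer.alloc(2); len.writeUInt16BE(app1.length + 2, 0);
  return Buffer.concat([Buffer.from([0xff, 0xd8, 0xff, 0xe1]), len, app1, Buffer.from([0xff, 0xd9])]);
}

console.log(readExif(buildSampleJpeg()));
```

To read a real file, pass `fs.readFileSync('photo.jpg')` to `readExif`. The byte-order switch is what makes the same reader work for “II” and “MM” files, and the `check` calls are what keep a hostile entry count or value offset from turning into an out-of-range read.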

Read the rest of this story…