[SecurityRatty] tag: manuals

DIY Phishing Pages With Command and Control Interfaces

Thu, 06 Nov 2008 03:31:43 +0000

The day when DIY phishing pages start coming with manuals is the day when consciously or subconsciously a phisher is lowering down the entry barriers into phishing for yet another time. A much more user-friendly compared to the old-fashioned -- yet effective -- rock phish directory listing, a recently released command and control interface for Rapidshare phishing campaigns aims to empower its users with easy dynamic link generation for their campaigns.

What they've managed to achieve is another trust factor since Rapidshare generates a second dynamic link upon clicking on the original one. The script not only generates a dynamically looking link, but also, actually logs in the victim into their account in order to avoid suspicion whereas it still logs all the accounting data.

Scammers also tend to be ironic every then and now. For instance, in this particular case, one of the users finds it ironic that the Rapidshare phishing page is hosted at Rapidshare itself. Is the script actually working? It appears so at least going through a misconfigured accounting data dump left by one of the phishers.

Related posts:
Phishing Pages for Every Bank are a Commodity
DIY Phishing Kits
DIY Phishing Kit Goes 2.0
DIY Phishing Kits Introducing New Features
209 Host Locked
209.1 Host Locked
66.1 Host Locked

Blogging as therapy

Tue, 29 Jul 2008 21:13:11 +0000

As some of you know, my friend Mitchell Ashley and his wife Mary Ellen have been battling against breast cancer for over 3 years now. It has been a roller coaster ride for both of them and I have seen first hand how much courage it has taken for Mitchell to deal with this scourge, let alone the courage that Mary Ellen has in battling this disease. Though Mitchell has never made a secret of it, he has not made it very public either. That has now changed with a new blog that Mitchell started call breastcancerforhusbands.com.

Mitchell wants to share his experience as the "other" spouse in this life and death battle that too many couples face. He is looking to make it a resource for others faced with a similar battle. But there is part of doing this which is therapeutic for Mitchell as well. Talking about what he is feeling and going through helps him deal with the emotions and toll it takes. At the same time he is providing resources to those who may be in need.

I applaud Mitchell for being brave enough to come forward and face these demons publicly. Though we do not work together every day, Mitchell and I still speak almost every day. I know that he and Mary Ellen fight this each and every day and am constantly amazed at their faith in God and courage. If you get a chance, check out the blog and support Mitchell, Mary Ellen and the rest of the people who do battle with this terrible disease every day.

Quick thoughts on using the iPhone 3G

Tue, 22 Jul 2008 05:36:00 +0000

So I got my iPhone 3G on Friday morning and have been using it for a few days now. I have never used one before, don't use an iPod or even a Mac computer. The iPhone was incredibily easy to use and without using and manuals quickly had a most everything working and downloaded a bunch of apps from the app store.

Over all, the iPhone just is really nice to use and in many ways very easy, polished and intuitive. In other ways, it is still missing some key features in my book:

Sort and filter email be date, sender, etc.
Select more than one mail at a time to delete, move, copy. Yes I know you can go to edit and select messages to work on, but you still have to select them one at a time. In Windows Mobile you can just run your finger over multiple messages to complete this.
Deleting duplicate contacts in bulk. Doing them one at a time is just painful
A task manager. I would like to see some list that shows me which apps are running, how many resources they are using, battery usage and stuff like that. Also to shut down running apps
Better calendar integration. I tried to click on and open calendar items, but just does not seem to work.
The battery sucks! I am not getting more than about 6 to 7 hours of battery time. I think I have to turn off the push for my Exchange email. This is much less that I was getting on my Windows Mobile phone.

I do like the phone, the iPod MP3 and camera and the overall "feel" of the phone. Went to the Apple store in the maill (which was jam packed) and bought a rubberized case, but was unable to get a phone car charger for it yet. I ordered one for 5 bucks on Amazon and will see it if works.

All in all, things are OK but I am going to withhold my final verdict for a while yet.

Quick thoughts on using the iPhone 3G

Tue, 22 Jul 2008 04:36:00 +0000

Over all, the iPhone just is really nice to use and in many ways very easy, polished and intuitive. In other ways, it is still missing some key features in my book:

Sort and filter email be date, sender, etc.
Select more than one mail at a time to delete, move, copy. Yes I know you can go to edit and select messages to work on, but you still have to select them one at a time. In Windows Mobile you can just run your finger over multiple messages to complete this.
Deleting duplicate contacts in bulk. Doing them one at a time is just painful
A task manager. I would like to see some list that shows me which apps are running, how many resources they are using, battery usage and stuff like that. Also to shut down running apps
Better calendar integration. I tried to click on and open calendar items, but just does not seem to work.
The battery sucks! I am not getting more than about 6 to 7 hours of battery time. I think I have to turn off the push for my Exchange email. This is much less that I was getting on my Windows Mobile phone.

All in all, things are OK but I am going to withhold my final verdict for a while yet.

When does a bodyguard need to shoot into a crowd?

Tue, 24 Jun 2008 19:28:00 +0000

A story out of Mumbai,India caught my attention today. A politician's bodyguard shot into a crowd of people and killed a man.

While professional Executive Protection Agents no longer refer to themselves as "bodyguards", if we nonetheless examine that "handle", we can break it down as; "a person who guards (protects) the body of another". If I was tasked with the investigation of this shooting incident in India, one of the very first places I would look at would be the training manuals of those involved. If they were Policemen, I would demand to be allowed to inspect that Department's training guides that were used when training their "bodyguards". Same thing would apply if they belonged to a private company/entity.

I very seriously doubt that I would find any directive anywhere authorizing those assigned to the protective detail to fire haphazzardly into a crowd of people. To me, this suggests that the bodyguard either panicked or was placed in the position without any professional training (most probable explanation). Anyone who has spent more than 15 minutes in E.P. training knows that the responsibility of the Protective Agent(s) is to evacuate their client (Principal). Shooting into crowds of people would be out of place, even in far-fetched Hollywood. I am quite sure that Indian society is nothing near as litigious as it is here in the Western world, but I still suspect that there is a smart lawyer somewhere in India trying to contact the victim's family. I believe the case will be his for the winning.

Ironically, I contactd a company in India a couple of months back with a proposal to train their Executive Protection staff. Without ever hearing a price, they contacted me back and said they were sure they couldn't afford us (eventhough they are one of the largest employers in India). Which makes me wonder, how do you put a price on a human life and what would you consider a fair price to have your people professionally trained so that you were not sued by the family/next of kin of someone killed by one of your employees? By the way, this question can be asked of any employer anywhere in the world who is in the business of either safeguarding their own employees, or protecting the life of others.

In Real Estate it is about; "Location, Location, Location". In security, it is about; "Training, Training, Training". I sincerely hope that many get to know of this incident (including nearly all of the Hollywood stars who allow their Protectors to assault people on a regular basis)and begin to realize the importance of having a professionally trained person taking care of them. Hiring some big guy with a couple of years military experience is not good enough.

That would be like hiring a person for a plastic surgery procedure whose only experience was carving the Thanksgiving turkey. Who'd be the turkey then?

Network Based Entitlement... A Rose by Any Other Name

Sun, 15 Jun 2008 15:50:03 +0000

Shimel’s interesting-as-usual reply to one of Stiennon’s “I-hate-NAC” articles is certainly nothing new, but this most recent exchange piqued my interest enough to get me clicking and reading around a bit.

Stiennon talks about Rohati and their ‘new’ approach to NAC in the form of their NBEC, Network-based Entitlement Control. I, unlike some bloggers in our network, decided to check it out before formulating an opinion.

So, I checked it out and I’m a little disappointed… on several fronts. First, all the information I have with which to draw a conclusion is limited to the online ‘product demo’ available on their website. It’s not really a product demo, hence disappointment number 1.

Let down number 2 comes in the realization that the features they’re touting in the ‘product demo’ are actually things we can do today, with traditional hardware-based NAC solutions from those daily house-hold names… Symantec, StillSecure, Juniper, ProCurve, Enterasys and even Cisco. Rohati does (potentially) have a unique statement of being able to enforce policies without touching the client. But, again, we ‘can’ do that with several of the products I just mentioned. And I’m wondering how we could create the tunnel-like enforcement and security Rohati claims to offer without some type of agent on the client… after all, any encryption tunnel has to have endpoints, right?

I attempted what I usually do when I’m checking out security solutions, I went to the support section of the website to download product manuals or configuration and implementation guides. Even some white papers. I wanted to see how they’re really going about it all. But, disappointment number 3 jumped up and got me when I saw that the only resource on their support page was an email address. Hmm….

The company seems to be comprised mostly of long-term ex-Cisco employees. Out of the 8 members of the management team, there’s 1 President, 6 VPs and a director- 5 of which are co-founders. With just 2 years under their belt, I’m wondering what all they can have up their sleeve past a slight variation of current NAC solutions.

I may be completely wrong about the company and product(s). If I am, I’m sure someone will offer to send over some product manuals for me to read through…

The bottom line is… a rose by any other name would smell as sweet… or stink as bad.

# # #

Security Briefing: May 30th

Fri, 30 May 2008 10:29:34 +0000

What a week - it’s like I’m swimming uphill both ways and it’s snowing. An extra large helping of news to make up for being late this morning. And hey - thanks to all of our new subscribers that joined us yesterday. Welcome!

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

The Attack that made Kevin Rose Cry - Revision3
BBC NEWS | Science/Nature | Monkey’s brain controls robot arm Always mount a scratch monkey - seriously.
Will your mobile squeal to the police? | The Register Will your mobile find a horse head in it’s bed?
Download al Qaeda manuals from the DoJ, go to prison? | The Register Another pair of articles analyzing the somewhat chilling effect of doing research and finding yourself in jail… do we accept this as a society or not?
The New Order: When reading is a crime | The Register
Facebook mob trashes Â£4.4m Spanish villa | The Register Anyone else surprised that the girl didn’t claim it was hackers — and faintly reminiscent of the Craigslist “The contents of this house must go” issue.
Bletchley Park and the decay of the museum buildings Plcurecuernxf - fcraq n craal ba gur ravtzn naq fnir gur jbeyq sebz Uvgyre ntnva - be gur npnqrzvp trgf vg.
22 French Hackers Arrested 22 SkriptKiddies singing the Jean Valjean lines from Les Miserables… the horror.
USA 2008 : Briefings Schedule All your briefs belong to Jeff Moss
Rands In Repose: We Travel in Tribes I’m sneaking this one in to see if you are paying attention - which Diamond Age phyle do you belong to?
State of the Internet It’s all about the metrics baby.
Red Curtain: An Unsung, Free Security Application Anyone willing to sing in the comments?
Computer trained to read minds Neo sez - BLUE PILL, take the frakkin blue one!
National Journal Magazine - Chinas Cyber-Militia Good catch Matt Franz - is this responsible journalism or just journalistic asshattery.
Did Hackers Cause the 2003 Northeast Blackout? Umm, No | Threat Level from Wired.com And 27/b6 weighs in on the issue… with maybe a little more journalistic integrity.

Tags: News, Daily Links, Security Blog, Information Security, Security News

Manuals (CIA and NGO)

Wed, 07 May 2008 12:57:00 +0000

Today is midweek manual day, and here's a quick selection of interesting manuals to read.

At the top of the list is the CIA's Psychology of Intelligence Analysis by Richards J. Heuer. This is a must read if you're into critical thinking and the inner game of security. It covers information gathering, analysis and the various biases that can creep in and influence decisions. The content presented in this manual should be taught in every introductory humanitarian security course.

Next up, Charlie writes in with some links to a few humanitarian security manuals and resources:

http://www.frontlinedefenders.org/manuals/protection

http://www.frontlinedefenders.org/manuals

http://www.aidworkers.net/?q=advice/security

http://ec.europa.eu/echo/evaluation/security_review_en.htm

(A few of these may seem familiar, but it's good to mention again for new blog readers.)

Terror on the Internet - Conflict of Interest

Tue, 18 Mar 2008 16:58:23 +0000

Insightful article by Greg Goth, discussing various aspects of the pros and cons of monitoring cyber jihadist sites next to shutting them down, as well as mentioning my analysis of the Mujahideen Secrets encryption tool v1.0 and v2.0. Terror on the Internet: A Complex Issue, and Getting Harder :

"Indeed, politicians around the world call at regular intervals for terrorist websites to be removed from their host sites’ servers or for search engines to block access to them. They also call for laws that would make posting instructions on how to kill or maim people or destroy property punishable by law. Franco Frattini, the European Commission’s Vice President for Freedom, Justice, and Security, called for a prohibition on websites that post bomb-making instructions in September 2007. And just as quickly, he rushed to announce that in doing so he was not trying to impinge on freedom of speech or information access or to inhibit law enforcement agencies from monitoring sites."

There're three perspectives related to cyber jihad, should the virtual communities be shut down, monitored, or censored so that they cannot be accessed by people who would potentially get radicalized and brainwashed by the amazingly well created propaganda in the form of interactive multimedia? Given the different mandates given to different intelligence services and independent researchers, is where the conflict of interest begins. Moreover, don't forget that independent researchers sometimes come up with the final piece of the puzzle to have an intelligence agency come up with the big picture in a cost-effective and timely manner, given they actually believe in OSINT and trust the source of the intell data of course. Now, picture the situation where an intelligence agency is shutting down cyber jihadist sites on a large scale not believing in the value that the intelligence data they they could provide, another one given a mandate to censor cyber jihadist communities compiling reports stating that someone's shutting them down before they could even censor them, and a third one who would have to again play cat and mouse game the locate them once they've shut down by the first intel agency already. Ironic or not, different mandates and empowerment is where the contradiction begins. Let's discuss the three mandates and go in-depth into the pros and cons of each of them to come up with a philosophic solution to the problem, as I belive it's perhaps the only way to provoke some thought on the best variant.

Shutting the communities down -

Before shuting them down you need to know where they are, their neighbourhood of supporters who will indirectly tip you on the their latest location once they have their previous domain shut down. Personal experience and third party research indicates that over 90% of the cyber jihadist communities/blogs are hosted by U.S based not owned companies. And with the lack of real-time intell sharing between the agencies themselves, the first who picks up the community will be responsible for its faith, literally. But in reality, preserving the integrity of a cyber jihadist community, and convincing the right people that balanced monitoring next to shutting it down is more beneficial, remains an idea yet to be considered. Back in 2007, I did an experiment, namely I crawled ten cyber jihadist forums and blogs and extracted all the outgoing links from these communities to see their preferred choice for online video and files hosting. A couple of months later, the communities got shut down, so when the same thing happened while I was crawling the Global Islamic Media Front's, and Inshallahshaheed's web presence, it became clear that while some are crawling, and others censoring, third parties are shutting them down.

The bottom line - shutting them down doesn't mean that they'll dissapear and will never come back, exactly the opposite. Personal experience while handling the Global Islamic Media Front is perhaps the perfect and best hands-on experience on the benefits of shutting them down, given you've built enough convidence in your abilities to locate their new location. If you think that the cyber jihadist site or community you're currently monitoring is a star, look above, it's full of starts everywhere, once you start drawing the lines between them, a figure of something known emerges, in this case once a cyber jihadist community is shut down, its most loyal and closely connected cyber jihadist communities will expose their intimate connection not by just starting to promote their new location online, but even better, you'll have them use the second cyber jihadist community to directly reach their audience by the time they set up the new location and resume the propaganda and radicalization.

There's no shortage of cyber jihadist blogs, forums and sites, and personal experience shows that upon having a cyber jihadist community shut down, they re-appear at another location. It's shut down again, it re-appears for a second time. I've seen this situation with Instahaleed and GIMF, and each and every time they had their blogs and sites removed from their hosting providers, mainly because it's rather disturbing that the majority of such communities are hosted on U.S servers, it's this short time frame which will either lead you to their new location, you risk loosing their tracks. However, the vivid supporters of PSYOPs are logically visionary enough to understand what does undermining their audiences' confidence in the community's capability to remain online means.

Monitoring the communities -

In order to reach the "shut it down or monitor it" stage in your analysis process, you really need to know where the cyber jihadists forums and sites are, else, you will be wasting your time, money and energy to create fake cyber jihadist communities in the form of web honeypots for jihadist communication. Monitoring is tricky, especially when you don't know what you're looking for, don't prioritize, don't have a contingency plan or an offline copy of the communitiy and wrongly building confidence in its ability to remain online. Moreover, monitoring for too long results in terrabytes of noise, and from a psychological perspective sometimes the rush for yet another fancy social networking graph to better communicate the collected data, ends up in the worst possible way - you miss the tipping point moment.

Censoring the communities -

I often come across wishful comments in the lines of "blocking access to bomb and poison making tutorials", missing a very important point, namely, that these very same manuals, and jihadist magazines are not residing in a cyber-jihad.com/bomb-making-guide.zip domain and file extension form, making the process a bit more complex to realize. Unless of course the censorship systems figures out ways to detect the content in password encrypted archive files served with random file names and hosted on one of the hundreds free web space providers. Then again, given the factual evidence that cyber jihadists are encouraging the use of Internet anonymization services and software, your censorship efforts will remain futile.

As I'm posting this overview of various ways of handling cyber jihadist communities, yet another community is starting to attract cyber jihadists, thanks to their understanding of noise generation by teaching the novice cyber jihadists on the basics of running and maintaing such a community. What's perhaps most important to keep in mind is that, what you're currently analyzing, trying to shut down or censor whatsoever, is the public web, the Dark Web, the one closed behind authentication and invite-only access yet remains to be located and properly analyzed. If cyber jihad is really a priority, then there's nothing more effective than the combination of independent researchers and intelligence analysts.

Related posts:
Inshallahshaheed - Come Out, Come Out Wherever You Are
GIMF Switching Blogs
GIMF Now Permanently Shut Down
GIMF - "We Will Remain"
Wisdom of the Anti Cyber Jihadist Crowd
Cyber Jihadist Blogs Switching Locations

Internet PSYOPS - Psychological Operations

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

A Botnet of Infected Terrorists?
Infecting Terrorist Suspects with Malware
The Dark Web and Cyber Jihad
Cyber Jihadist Hacking Teams
Cyberterrorism - don't stereotype and it's there
Tracking Down Internet Terrorist Propaganda
Arabic Extremist Group Forum Messages' Characteristics
Cyber Terrorism Communications and Propaganda
Techno Imperialism and the Effect of Cyberterrorism
A Cost-Benefit Analysis of Cyber Terrorism
Current State of Internet Jihad
Characteristics of Islamist Websites
Hezbollah's DNS Service Providers from 1998 to 2006
Full List of Hezbollah's Internet Sites
Cyber Traps for Wannabe Jihadists
Mujahideen Secrets Encryption Tool
An Analysis of the Technical Mujahid Issue One
An Analysis of the Technical Mujahid Issue Two
Terrorist Groups' Brand Identities
A List of Terrorists' Blogs
Jihadists' Anonymous Internet Surfing Preferences
Samping Jihadist IPs
Cyber Jihadists' and TOR
A Cyber Jihadist DoS Tool
GIMF Now Permanently Shut Down
Steganography and Cyber Terrorism Communications

Tear Gas/Pepper Spray Resource

Tue, 15 Jan 2008 13:43:00 +0000

Tear gas and pepper spray are widely used by police and military forces throughout the world to control crowds. Because of the dynamic nature of protests, aid workers may find themselves exposed to riot control agents (if you've never been gassed before, the first time can be very disconcerting). Unfortunately, this topic isn't discussed very much in traditional humanitarian security training and manuals. So to learn more we need to look to other sources, in this case, street medics.

Street medics are independent, trained volunteer medical personnel who support activists during protests. Organized street medic groups have sprung up in a number of Western, urban locations. One of the groups, known as the Black Cross Health Collective, has published extensive information on the effects of and treating tear gas and pepper spray. Check it out.