[SecurityRatty] tag: remotely

Lenovo service disables laptops with text message

Mon, 24 Nov 2008 21:00:00 +0000

If a laptop is lost, now there is a new way to remotely shut it down -- just text it.

Lenovo service disables laptops with text message

Mon, 24 Nov 2008 02:00:00 +0000

Lenovo announced a service that allows users to remotely disable a PC by sending a text message.

More Compromised Portfolios of Legitimate Domains for Sale

Wed, 12 Nov 2008 13:19:49 +0000

The ongoing supply of access to compromised portfolios consisting of hundreds, sometimes thousands of legitimate domains, is continuing to produce anecdotal situations. For instance, in one of the latest propositions, a cybercriminal has managed to hijack the blackhat SEO domains portfolio (8,145 domains plus another 100 legitimate ones) of another cybercriminal, and is now offering it for sale.

From an attacker's perspective, are remotely exploitable SQL injections, the insecure hosting provider's web interfaces, or the pragmatic possibility for data mining a botnet's accounting data for access to such portfolios the tactic of choice? In both of these propositions, the seller is citing vulnerabilities within the web hosting providers as an attack tactic.

The continues supply of such access is, however, a great indicator for the upcoming development of this segment within the underground marketplace in 2009.

Days numbered for standalone NAC, anti-data leakage firms?

Tue, 11 Nov 2008 21:00:00 +0000

Bargain hunting was all the talk of the 451 Group event this week in Boston, where one security pro quipped that vendors should be paying customers to install their software and where anyone remotely smelling of money became suddenly quite popular with other attendees looking to sell things.

Modified Zeus Crimeware Kit Gets a Performance Boost

Mon, 03 Nov 2008 11:12:30 +0000

Oops, they did it again - modifying an open source crimeware kit like Zeus in order to improve its performance, fix previously known bugs, and release the improved administration script for free at the end of October.

It's important to point out that both of these modifications haven't been released by the original author of Zeus, but by third parties filling in the gaps he has left open. The very nature of open source web based malware exploitation kits is one of the key factors for the ongoing convergence of traffic management, exploits serving, ddos, and cybercrime as a service features into a simplified cybercrime platform available on demand.

Following the discovery of a remotely exploitable flaw within Zeus in June -- a flaw affecting Pinch leaked out two months later -- allowing cyberciminals to inject their own credentials and hijack the botnet of other cybercriminals, this modified version claims to have fixed three vulnerabilities within the original Zeus release, namely, a remote file inclusion flaw and two SQL injections within the administration panel. Here's the new CHANGELOG :

"- code improvements and optimizations
- internal data checkings added
- exit() function instead of die()
- echo() function instead of print()
- mysql_affected_rows () changed to mysql_num_rows () everywhere
- all queries are fixed in system or mod .php files
- no text password in the database and clear text password in $_SESSION, cookies authentication is gone and md5 hashes are everywhere
- Geo IP support has been added
- umask () bug fixed, the file has been created (chmoded) with different permissions
- language improvements and pre-installation checks
- checking for php version/safe_mod/open_basedir as you're required to run php 5.1.0 or higher to run it successfully
- fixed sql injection in credentials checking
- GetUserData () function has been rewritten - possible sql injection fixed
- possible remote file inclusion fixed
- socket error definition changed
- gcnt () function has been rewritten so you can use geolication - GeoIP which is free and GeoIPCity which is paid
- ip address checking improved through validIP() function improvement
- all queries are now fixed, input data has been sanitized
- fs () function has been fixed in order to improve the quality of the log names
- formatFilePath () function has been added for file upload purposes
- arbitrary file upload bug has been fixed so that you can now upload only images with original names
- the Log2SQL () function has been changed and stricter data checking/sanitizing is added
- internal file sorting mechanism is improved so that files/dirs are sorted by file modification time"

As it's becoming increasingly clear that what once used to be a proprietary crimeware kits whose business model got undermined by their open source nature and the fact that they've started leaking for average cybercriminals and script kiddies to take advantage of, are today's "open source projects" - and therefore maintaining static lists of exploits and features included within a particular kit is getting even more irrelevant these days. In the long term, the quality assurance processes applied within crimeware kits courtesy of third party cybercriminals, is prone to shift from performance to improving the infection rates.

Tech industry group battles botnets

Thu, 30 Oct 2008 01:00:00 +0000

Several ISPs and Internet companies will meet in San Francisco early next year to adopt a common strategy for combating botnets, the remotely controlled networks that are used to carry out distributed denial-of-service attacks and massive spam campaigns.

Tech industry group battles botnets

Wed, 29 Oct 2008 21:00:00 +0000

A horse's ass approach to virtualization security - Part 3 - Data is the "constant"

Thu, 23 Oct 2008 16:51:00 +0000

The third in the series where I am trying to think through the current approaches to securing virtual environments...

See part one and two here...

Virtualization enables organizations to optimally manage their infrastructure resources. It can provide significant cost benefits (by sharing resources), flexibility (by just-in-time allocation of resources where they are needed), and agility (speed of provisioning resources). Therefore, organizations have been able to virtualize:

Devices/OS: Companies such as VMWare, Citrix, Microsoft, and Sun are providing hypervisor, virtual machine, and virtual device solutions where several virtual “devices,” “servers,” or “desktops” can mimic separate physical devices.
Networks: Virtualized networks enable dynamic collaboration by slicing bandwidth into virtual, isolated channels that can be assigned to a particular set of devices, real or virtual. Setting up new connections and collaborative environments becomes extremely easy.
Applications: Virtual applications can either be streamed down to execute on local desktops (Microsoft App-V or Altiris SVS) or executed remotely from server farms such as Citrix XenApp. This allows applications to be portable and accessible from anywhere while reducing inter-application conflicts.

However, organizations will never be able to virtualize the fourth element, I talked about in teh second blog post — the data itself. The focus of device, network, and application virtualization is about flexibility, resource sharing, and agility. This involves short life spans, since these elements are brought up to fulfill a specific short term task, and upon completion, they are brought down or even deleted. Data, however, has a lifetime beyond the short term and will therefore live on for further use or analysis in a non-virtual or subsequent virtual world.

This makes data the “constant” in a dynamically changing environment — even if the location of data itself is virtualized. Data will also have the longest lifetime of the four elements in the infrastructure and thus will have to live “outside” of the virtual environment. Therefore, from a security standpoint, it is imperative that data becomes the focus of protection - and we dont just continue protecting the infrastructure. Data is the critical asset, and since it travels across boundaries and lives longer than virtual elements, it can be easily compromised.

Remotely Eavesdropping on Keyboards

Thu, 23 Oct 2008 08:48:16 +0000

Clever work:

The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bus, or laptop keyboards. They've outline four separate attack methods, some that work at a distance of as much as 65 feet from the target.
In one video demonstration, researchers Martin Vuagnoux and Sylvain Pasini sniff out the the keystrokes typed into a standard keyboard using a large antenna that's about 20 to 30 feet away in an adjacent room.

Website here.

Microsofts October 2008 Update Plugs Critical Vulnerabilities In IE, Office And Windows

Wed, 15 Oct 2008 19:14:01 +0000

On Tuesday Microsoft issued updates for least 20 security holes in Windows, Internet Explorer, Office, and other products. Among critical vulnerabilities were several in version 6 of the Internet Explorer browser when running on Windows 2000 and Windows XP. The vulnerabilities could allow attackers to remotely install malware on a machine with no interaction required [...]