†è¢h båbblè

My daily dose of rant & whine !

The brave story of Michael Lynn

Sunday, July 31, 2005
The Internet Security world is keeping a close eye on the Lynn-Cisco issue.The cause being Lynn being a security analyst that he is found a way to get root access in a Cisco router which obviously has Cisco IOS[Internetworking Operating System].

While Lynn did not provide a step-by-step on how to break into Cisco routers, he provided enough details for experienced professionals to figure out the rest of the process. In this report, I will show you some of the slides used during his talk and give an outline of the steps.

Cisco’s Internetworking Operating System, or IOS, is the intelligence behind most of the networking devices on the Internet. Most computer users worry about their PCs being compromised by viruses and worms, but in the grand scheme of things on the Internet, these sorts of attacks are relatively unimportant. They make the user’s individual life painful, but they don’t generally have much impact on the rest of the network.

But routers are the glue that holds the Internet together – especially Cisco’s gear, which is by far the most prevalent router hardware. A successful attack on Cisco routers can impact well, nearly everything.

Essentially, routers connect networks together. Just as there are multiple ways you can get to work, there are many ways a packet can cross the Internet. With the help of IOS, the main purpose of routers is to direct traffic across the Internet by deciding the path packets should take.



The entire article can found along with a few screenshots that were taken at Blackhat Conference : here

Blog appearance make-over !

Wednesday, July 27, 2005
Ok this blog needs a serious make-over.So I'm not gonna post till I've done enough I feel its fresh.Please bear till then.

Elizabeth Hurley talks of Cisco 2600 series

Tuesday, July 26, 2005
Yes you've read it right.Liz Hurley talking of Cisco 2600 router series.Still cant believe me?

Here is the conversation:


Erwin
Hey Liz! How about telling us about the Cisco 2600 series routers!

Liz
Well, let's see, where to start. Very well, the 2600 series is a product aimed at branch offices. They come with RISC processors and have 2 WAN card slots and 1 Network card slot.

Erwin
Not too shabby, 2 WIC slots.

Liz
Oh, I forgot, the 2600 WIC modules can also be used in the 1600, 1700 and 3600 routers, this way you can stock fewer WICs if you have these routers in your enterprise.

Erwin
How much memory do 2600s come with?

Liz
8 Megabytes of Flash and 32 Megabytes of RAM.
Erwin

The model numbers are kinda confusing, how do you know what the numbers mean?

Liz
First off, they all start with the number 26, so we can set that aside. If the last 2 digits are in the 50s that means a high performance CPU. If the last number is a 1, that means it has 2 Ethernet Ports.

The 2610 is the basic model with one Ethernet port, the 2611 has 2 Ethernet Ports.

Erwin
Can you show us a product matrix?

Liz
Sure, here goes:


Find the rest of the conversation & other celeb networking god & goddess :) here

To stealth or not to stealth

Hansen makes a perfect point which I've been making a number of occasions in discussion boards,blogs & various other places.I'll speak no more but instead let the article do the talking.I coudlnt have put it much better than this.Over to Hansen....

Stealth, when it comes to computer security, is when the computer (or other network equipment) does not issue any sort of reply to connection attempts, including ICMP echo requests (ping). I guess the idea was that if there's no response, they can't see that anything is there, and therefore you're "stealthed" from the outside world. For some reason, this was assumed to be a security enhancement because you cannot attack what you cannot see... Oh boy, is that ever wrong. "Stealth" doesn't mean you are invisible at all. Instead, it makes you stick out like a sore thumb.

A simple "ping" from the attacker travels through the cloud, and to the router in front of your firewall. Next, the echo request gets to your firewall. A stealth firewall will simply drop the echo request, and no reply is sent back to the attackers' computer. So, you're invisible, right?


Read the remaining rest from here.

It feels great when you are on track. :)

Running Windows with No Services

Monday, July 25, 2005
I stumbled across this cool piece of information.I've seen people asking for help regarding services.This piece of article should help them out.

A Windows service provides functionality to the operating system and user accounts regardless of whether anyone is logged into a system. Windows XP comes with around four dozen services enabled by default, including ones that many people consider superfluous like Remote Registry, Alerter, and SSDP Discovery (Universal Plug and Play). A question many Windows administrators commonly have is therefore, which services can I safely disable? What if I told you that for at least basic functionality like Web surfing and application execution, Windows doesn’t need any services? In fact, you can also do those things without system processes like Winlogon.exe, the interactive logon manager, and Lsass, the local security authority subsystem.

The following steps, which you must follow carefully to achieve a minimal Windows system, were derived by Dave Solomon through experimentation, and when he discovered that Windows was usable without all the core system processes we were dumbfounded. After figuring this out he and I polled senior Windows experts like the vice president of the Core Operating Systems Division, the technical lead of the Virtual PC team, and a lead Windows security architect to see if they thought that Windows would function at all, much less if Internet Explorer would work, without the support of Winlogon, Lsass, and services, and the unanimous answer was ‘no’. Even after we showed them the demonstration I’m about to share with you they all thought that we’d staged some kind of trick.


You can read the entire article here.

Drop My Rights

Friday, July 22, 2005
In a couple of earlier posts I had written about the advantages of not running as a admin use.Well here is read made tool to make things easier if they werent just incase.



DropMyRights is a tool written by Michael Howard that allows administrators to run internet-facing applications (such as email clients and web browsers) as a non-administrator. You can read about it and download it from his MSDN article "Browsing the Web and Reading E-mail Safely as an Administrator".

Since DropMyRights is a simple command-line tool, it can also be used to create "safe shortcuts" that always bring up an application as non-administrator:

You can download the tool from here: Drop My Rights

Other similar useful tools can be found here: Useful Tools

Phrack is no more

Sunday, July 17, 2005


The in-house magazine of the digital underground, Phrack, is closing after 20 years as its editorial team steps down.

As much manifesto as hacking handbook, the magazine was hugely influential in the early days of hacker culture.

It was very closely associated with legendary hacking groups such as the Legion of Doom that were the first serious explorers of cyberspace.

As hackers moved from dial-up bulletin boards on to the net, the magazine kept its place as a knowledgeable, and often scurrilous, source of security information.

For instance, issue 62 of Phrack contained articles about getting round Windows buffer overflow protections, advances in Windows shellcode, attacking Apache and hijacking wireless base stations.


contd..:BBC News

The fond memories that I've of phrack would be surely the hackers manifesto,which I still have it saved in a text file dumped in my hard drive.

The Hackers Manifesto

Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker? Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain
for the fifteenth time how to reduce a fraction. I understand it. "No, Ms.
Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is
cool. It does what I want it to. If it makes a mistake, it's because I
screwed it up. Not because it doesn't like me...
Or feels threatened by me...
Or thinks I'm a smart ass...
Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless. We've been dominated by sadists, or
ignored by the apathetic. The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the
beauty of the baud. We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals. We explore... and you call us criminals. We seek
after knowledge... and you call us criminals. We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike.

+++The Mentor+++

Administrator Account Lock Out !

Friday, July 15, 2005
Here is a excellent piece of info regarding as to why anyone shouldnt use the administrator account for ample things that a average joe does daily.

Here is a quick excerpt from the article:

The #1 reason for running as non-admin is to limit your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious or other “undesirable” code finds its way to one of those programs, it also gains unlimited access. A corporate firewall is only partial protection against the hostility of the Internet: you still browse web sites, receive email, or run one or more instant messaging clients [added 2004.06.25] or internet-connected games. Even if you keep up to date on patches and virus signatures, enable strong security settings, and are extremely careful with attachments, things happen. Let’s say you’re using your favorite search engine and click on a link that looks promising, but which turns out to be a malicious site hosting a zero-day exploit of a vulnerability in the browser you happen to be using, resulting in execution of arbitrary code. When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privs. If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead. But if you’re running as admin, an exploit can:

* install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
* install and start services
* install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
* access data belonging to other users
* cause code to run whenever anybody else logs on (including capturing passwords entered into the Ctrl-Alt-Del logon dialog)
* replace OS and other program files with trojan horses
* access LSA Secrets, including other sensitive account information, possibly including account info for domain accounts
* disable/uninstall anti-virus
* cover its tracks in the event log
* render your machine unbootable
* if your account is an administrator on other computers on the network, the malware gains admin control over those computers as well
* and lots more

The entire article is situated over here: Why you shouldn't run as admin...

OSSTMM - Open Source Security Testing Methodology Manual



The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated.

Download there latest manual:OSSTMM 2.1

More Information can be got from here: ISECOM

Security Hardware :Innominate mGuard PCI

Tuesday, July 05, 2005


I was reading Tao Security blog yesterday & I noticed his post on Innominate mGuard PCI.Thought I would share this with you all.
The Innominate mGuard PCI can be operated using two different modes:

In the first, the PCI bus serves exclusively as the power supply - a driver installation is therefore unnecessary. In connection with the patented stealth mode, the Innominate mGuard PCI can be integrated not only without a driver, but also completely transparently in network structures.

In the second mode, it works as a conventional security router. In this functional mode, the Innominate mGuard takes on security and network card functions.

The Innominate Security Configuration Manager enables the convenient configuration of the Innominate mGuard PCI. The tool offers state-of-the-art management of security policies via a central, graphical interface based on well proven Solsoft technology. The Innominate Security Configuration Manager offers multi-vendor support, enabling the administrator to configure and manage. At the same time, the Innominate mGuard PCI can easily be integrated in SNMP-based management systems such as HP OpenView and IBM Tivoli.

Quote:
Technical Specifications

HARDWARE
# Low profile PCI card
# Intel IXP 42x processor with 266 MHz or 533 MHz
# 32 MB RAM or 64 MB RAM
# 16 MB Flash
# 2 x 10/100 Mbit Ethernet

SECURITY FUNCTIONS
# VPN connection, Shared Secret
# VPN connection, internal and external X.509 certificates
# IPsec protocol
# 3DES, AES hardware encryption up to 70 Mbit/sec
# L2TP
# Stateful inspection firewall
# Transparent mode

OPTIONAL VIRUS PROTECTION
# Hardware virus protection with Innominate mGuard
# Daily updating of signatures
# Email scanning

FURTHER FUNCTIONS
# Browser-based administration
# Copy-protected file system
# Secure boot loader
# DHCP client and -server
# DNS cache
# Remote administration via SSH and HTTPS

Its truely a interesting piece of hardware.

You can find more useful information on this product here.