
Nmap team releases 5 gigapixel favicon map

Submitted by iago-vL
iago-vL (760581) writes "From the creators of Nmap comes the largest survey of its kind ever performed: the favicon.ico files of over a million Web sites were scanned, compiled, and sorted to create a 5 gigapixel image, blowing their 2010 survey out of the water! It's searchable, zoomable, and incredibly fun to play with! Can you find Slashdot without cheating? (Hint: it's near Facebook)"
Security

A 512-byte "evil maid" bootloader steals user passwords

Submitted by iago-vL
iago-vL (760581) writes "Security researcher Alex Weber has implemented a so-called "evil maid" attack in a custom bootloader, weighing in at an impressive 512 bytes. This bootloader can be written to any USB device. When booted, it displays a fake CHKDSK screen, which prompts for the user's password. It saves the password to the USB device, marks itself as unbootable and reboots. The machine will start up normally, and the user never knows they were compromised! Check out the termcap or video to see it in action!"
Link to Original Source
Security

Openwall Linux 3.0: no SUIDs, anti log spoofing

Submitted by solardiz
solardiz (817136) writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."
Link to Original Source

Comment: Re:A new domain specific language is born (Score 2, Informative)

by iago-vL (#33346638) Attached to: Nmap Developers Release a Picture of the Web

NSE isn't actually domain specific, it's the tried, tested, and fast Lua (with extensions to make it fit with the Nmap scanner). You get the speed of Nmap to find hosts/ports plus the NSE scripts backing it up to do deeper probes.

Wireshark, Snort, Nmap, and plenty of other tools use Lua for scripting, so it's a valuable language to learn. I recommend it!

Open Source

Nmap Developers release a picture of the Web

Submitted by iago-vL
iago-vL (760581) writes "The Nmap Project recently posted an awesome visualization of the top million site icons (favicons) on the Web, sized by relative popularity of sites. Once again proving that they're the kings of scanning, this project used the Nmap Scripting Engine, which is capable of performing discovery, vulnerability detection, and anything else you can imagine with lightning speed. We saw last month how an Nmap developer downloaded 170 million Facebook names, and this month it's a million favicons. I wonder what they're going to do next?"
Link to Original Source
Security

ATM Makers Release Fixes for 'Jackpotting' Flaw

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Two ATM manufacturers have released software updates to address the remotely exploitable vulnerabilities in their machines' firmware that IOActive researcher Barnaby Jack demonstrated live on stage at the Black Hat conference last month. In response to the demonstration, in which Jack was able to bypass the authentication mechanism on the ATMs and then load a small rootkit that he wrote, ATM manufacturers Hantle and Triton have released new versions of their firmware that fix the vulnerability. Both manufacturers are recommending that ATM owners install the updates immediately."
Link to Original Source
Social Networks

Identity Theft How-To

Submitted by Anonymous Coward
An anonymous reader writes "The crew at social-engineer.org released a podcast today that is truly scary. They interviewed an identity thief and give a basic how-to into committing identity theft. The reasoning is that they want to protect the public by releasing dangerous information. They called it a 0Day for SE and I for one think that is accurate."
Link to Original Source
Security

Detecting critical Apple vulnerability with Nmap

Submitted by iago-vL
iago-vL (760581) writes "Patrik Karlsson, an Nmap developer, released a script today to detect a vulnerability in the Apple Filing Protocol (afp), CVE-2010-0533. This vulnerability is trivial to exploit and allows users to view files outside of public shares. He describes this vulnerability, which he discovered inadvertently while working on the Nmap Scripting Engine (NSE), as "strikingly similar to the famous Windows SMB filesharing vulnerability from 1995." Instructions on how to detect vulnerable systems using Nmap can be found in the post linked above."
Link to Original Source
Security

Taking apart the Energizer Trojan

Submitted by iago-vL
iago-vL (760581) writes "Researchers at SkullSecurity have written a tutorial on how they reverse engineered the Energizer Trojan and generated an Nmap probe to remotely detect infections. The Energizer Trojan is a great educational tool because its inner workings are very simplistic and it makes minimal efforts to hide itself or conceal its purpose; it even lists what appears to be the author's name — "liuhong" — in the source! From infecting a test machine to debugging and disassembling the Trojan to writing the actual probe, this tutorial is a great introduction to malware analysis!"
Link to Original Source

Comment: Re:Detect it with Nmap (Score 2, Informative)

by iago-vL (#31404000) Attached to: Energizer USB Battery Charger Software Infects PCs

Yeah, the simple xor 'encryption' is pretty oldschool. I can't believe I didn't notice that right away myself. I didn't see it till I started looking at the send/recv functions.

As to the CLSID, good thought, but no -- the CLSID isn't a real CLSID, it's just a way of identifying its own commands. Basically, it's a list of if(!strcmpi(command, "clsid1")) { do_this() } elseif(!strcmpi(command, "clsid2")) { do_that() } etc.

It only has those 9 or so CLSID's included, and if it isn't on the list the command is simply discarded.

And for what it's worth, the initial "'\x00\x00\x00" that you're seeing is a length (0x27 = the length of the CLSID = ').

Security

Creating backdoors through DNS with dnscat

Submitted by iago-vL
iago-vL (760581) writes "SkullSecurity released a tool this week called dnscat (documentation). Designed to tunnel connections through DNS in the style of NSTX, this can bypass virtually any firewall, provided a local DNS server exists. It supports file transfers, tunneled sockets, command shells, and more! The documentation even has an example of how to tunnel an SSH session through DNS!"
Link to Original Source
