How-To: Make a wireless keylogger

This one is for the nefarious Maker in all of us:

Familiar with the concept of hardware keylogging? A hardware keylogger is a perfect solution for monitoring user activity, at very low risk of disclosure. A hardware keylogger is a purely electronic device, so no access to the operating system is required, no traces are left, and software has no possibility of detecting such a device. However, the hardware keylogger concept inherits one weakness: physical access to the keylogger is required for retrieving captured data. This problem has finally found its solution: a Wireless Keylogger.

KeeLog has already released one open source PS/2 hardware keylogger design to the public. Now, we are doing it again with the DIY Wireless Keylogger. This design is fully free for private and commercial use…

The full How-To is here.

Thanks to Paul Asadoorian for tweeting about this.

Anti-Sec Movement Threaten Sites

The group calling themselves the “Anti-Sec Movement” are threatening to take out Hackforums.net and Milw0rm. Again, we have mention of the phantom SSH 0day exploit. Your guess is as good as mine about the legitimacy of these threats; however, the convenient DDoS on Hackforums.net, and the fact that the email address differs from other “anti-sec” posts, make me wonder if this is not all just another hoax.

This was posted to the Full Disclosure Mailing List today:

Message: 11
Date: Wed, 15 Jul 2009 19:29:25 +1000
From: Ant-Sec Movement
Subject: [Full-disclosure] Ant-Sec – We are going to terminate Hackforums.net and Milw0rm.com – New Apache 0-day exploit uncovered
To: full-disclosure@lists.grok.org.uk
Content-Type: text/plain; charset="iso-8859-1"

Dear members of Hackforums.net, Jesse Labrocca (AKA Omniscient),
Milw0rm.com, str0ke, and Reader,
We are the Ant-Sec movement, and we are dedicated
to eradicating full-disclosure of vulnerabilities and exploits and free
discussion on hacking related topics. We are dedicated to stalling the ocean
of script-kiddies currently trawling the Internet, and those so called
“White Hat Hackers” who benefit financially from full-disclosure; employing
scare-tactics in order to con people into buying their firewalls and
anti-virus software.

Thus, our new targets are Hackforums.net and Milw0rm.com. Both are notable
within the hacking underground and the computer security world, and both
violate what the Anti-Sec movement is fighting for. Such as it is, both must
be terminated…utterly.

Let us first discuss Hackforums.net. It is run by a man named Jesse
Labrocca, also known as “Omniscient” within the hacker underground. Although
he, himself, claims to not know a thing about penetrating computer systems.
Hackforums.net is perhaps one of the largest communities of hackers and
script-kiddies alike currently at large in cyber space. The beginner
section, alone, is flooded every single day with messages by script-kiddies.
The “Hacking Tutorials” section is a diamond mine of full-disclosure
information. And that is not the entirety of it. As a result, this community
MUST be terminated.

Recently, the Anti-Sec movement became aware that some unknown entity has
been launching successfully crippling denial of service attacks against
Hackforums.net. Whoever you are, we of the Anti-Sec movement extend our
warmest gratitude to you and we ask that, if you’re reading this email,
please do not cease your attack against Hackforums.net. By bringing it down,
you are helping to recover the health of the Internet. Hackforums.net is a
hive of knowledge that should only be known by a select few. It MUST be
terminated. In addition, we also encourage any and all who can to launch
denial of service attacks against Hackforums.net in order to support us in
furthering our goals.

We would like to stress that we will not be participating in DDOSing
Hackforums.net. The reasons for this bring us to our next topic of
discussion.

In addition to our OpenSSH 0-day exploit, the Anti-Sec movement have also
unearthed an Apache 0-day vulnerability and we have subsequently developed
exploit code in order to take advantage of this vulnerability. It affects
ALL versions. We will be using this as well as our OpenSSH exploit to hack
into Hackforums.net and rm its contents, thus terminating it.

As soon as, if ever, the recent crippling DDOS attacks against
Hackforums.net cease, we will strike. And in that moment, Hackforums.net
will be history. Your only hope, Hackforums, is for the heavy DDOS attacks
to never stop.

Once we have dealt with Hackforums.net, we will terminate Milw0rm. Better
you had quit and left it at that, Str0ke, for now milw0rm.com will be
completely and utterly wiped. It is the second highest target after
Hackforums.net.

This is our message to all. You have seen what the Anti-Sec movement can do.
We will do it again, and again, and again, until our goals are achieved.

This we promise.

Sincerely,

Anti-Sec

Original post.

UPDATE: It seems that this may be nothing but a troll on the Full Disclosure list who went by the name of n3td3v causing problems: http://seclists.org/fulldisclosure/2009/Jul/0219.html

UPDATE 2: I have apparently upset someone who is using a server based in Italy and trying directory traversal attacks on this blog:
62.149.163.198 (Soci, Emilia-Romagna, Italy)
host198-163-149-62.serverdedicati.aruba.it
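For anyone who wants to spot the same kind of probing in their own web server logs, here is an added example (my own code, not something from the page's sources) that scans Apache combined-format access log lines for directory traversal attempts. It percent-decodes each request target repeatedly (so double-encoded `%252e%252e` is caught), treats backslashes as separators, walks the path segments to tell a request that actually climbs above the web root from one that merely contains a harmless `..`, and checks query-string values as well as the path. The log lines are constructed for the demonstration and use documentation IP ranges, not the address mentioned above; the log pattern and function names are my own.

```python
import re
import urllib.parse
from collections import Counter

# Apache "combined" access log layout (constructed pattern; matches the samples below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

RANK = {None: 0, "dotdot-normalised": 1, "escapes-root": 2}


def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '..' (%252e%252e) is also caught."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify_path(raw_path):
    """'escapes-root' if the path climbs above the root, 'dotdot-normalised' if it
    contains '..' that still resolves inside the root, None if it is clean."""
    path = fully_decode(raw_path).replace("\\", "/")  # treat backslash as a separator
    depth, saw_dotdot = 0, False
    for segment in path.split("/"):
        if segment == "..":
            saw_dotdot = True
            depth -= 1
            if depth < 0:
                return "escapes-root"
        elif segment not in ("", "."):
            depth += 1
    return "dotdot-normalised" if saw_dotdot else None


def classify_request(raw_target):
    """Worst verdict across the path and every query-string value (LFI-style params)."""
    path, _, query = raw_target.partition("?")
    verdicts = [classify_path(path)]
    for _key, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
        verdicts.append(classify_path(value))
    return max(verdicts, key=lambda v: RANK[v])


def scan_log(lines):
    """Return (ip, status, target, verdict) for each suspicious request line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        verdict = classify_request(m["target"])
        if verdict:
            findings.append((m["ip"], int(m["status"]), m["target"], verdict))
    return findings


def offenders(findings, threshold=2):
    """Source IPs with at least `threshold` suspicious requests."""
    counts = Counter(ip for ip, *_ in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.8 - - [15/Jul/2009:21:02:11 +0100] "GET /wp-content/../../../../etc/passwd HTTP/1.1" 404 212',
    '203.0.113.8 - - [15/Jul/2009:21:02:12 +0100] "GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 212',
    '203.0.113.8 - - [15/Jul/2009:21:02:13 +0100] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 5120',
    '198.51.100.4 - - [15/Jul/2009:21:03:01 +0100] "GET /2009/07/anti-sec-movement/ HTTP/1.1" 200 18211',
    '198.51.100.4 - - [15/Jul/2009:21:03:02 +0100] "GET /images/../style.css HTTP/1.1" 200 3310',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("repeat offenders:", offenders(hits))
```

Note that a 404 on the traversal request means the web server refused it, but a 200 on a parameter-based attempt (the third sample line) is the one worth reading the application logs for.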

Threat from rogue IPv6 traffic

NetworkWorld has an interesting piece on the threat from rogue IPv6 traffic:

Experts say that most U.S. organizations have hidden IPv6 traffic running across their networks, and that few network managers are equipped to see, manage or block it. Increasingly, this rogue IPv6 traffic includes attacks such as botnet command and controls.

“If you aren’t monitoring your network for IPv6 traffic, the IPv6 pathway can be used as an avenue of attack,” says Tim LeMaster, director of systems engineering for Juniper’s federal group. “What network managers don’t understand is that they can have a user running IPv6 on a host and someone could be sending malicious traffic to that host without them knowing it.”

Most U.S. network managers are blind to rogue IPv6 traffic because they don’t have IPv6-aware firewalls, intrusion detection systems or network management tools. Also, IPv6 traffic is being tunneled over IPv4 connections and appears to be regular IPv4 packets unless an organization has deployed security mechanisms that can inspect tunneled traffic.

In case you don’t understand the implications:

“We are seeing quite a bit of command and control traffic that is IPv6,” says Jason Schiller, senior Internet network engineer, global IP network engineering for the public IP network at Verizon Business. “Hackers are trying to leverage IPv6 to fly under the radar. We’re seeing a lot of bot networks where the command and control is under IPv6. We’re also seeing illegal file sharing that leverages IPv6 for peer-to-peer communications.”

Who is affected?

IPv6 traffic gets on your network because many operating systems (including Microsoft Vista, Windows Server 2008, Mac OS X, Linux and Solaris) ship with IPv6 enabled by default. Network managers have to disable IPv6 on every device that they install on their networks or these devices are able to receive and send IPv6 traffic.

The entire article is online here.
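The article's point about tunnelled IPv6 looking like ordinary IPv4 is easy to check for yourself. Here is an added example (my own code, not from NetworkWorld or the people quoted) that classifies raw IPv4 packets as 6in4, 6to4 or Teredo tunnels: IP protocol 41 means an IPv6 packet is carried directly inside IPv4 (6to4 is recognised by an embedded 2002::/16 address), and Teredo carries IPv6 inside UDP on port 3544. The sample packets are constructed in the block with minimal headers (checksums left zero) using documentation address ranges; the `scan`/`classify_tunnel` names are mine. A real deployment would feed it packets from a capture library instead of the constructed list.

```python
import ipaddress
import struct

IPPROTO_UDP = 17
IPPROTO_IPV6 = 41      # IPv6 carried directly inside IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544     # Teredo carries IPv6 inside UDP on this port
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:]


def inner_ipv6(payload):
    """Return (src, dst) of an IPv6 header at the start of payload, or None."""
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return None
    return ipaddress.IPv6Address(payload[8:24]), ipaddress.IPv6Address(payload[24:40])


def classify_tunnel(pkt):
    """Label one IPv4 packet as a 6in4/6to4/Teredo tunnel, or None if it is plain IPv4."""
    hdr = parse_ipv4(pkt)
    if hdr is None:
        return None
    src, dst, proto, payload = hdr
    if proto == IPPROTO_IPV6:
        v6 = inner_ipv6(payload)
        if v6 is None:
            # protocol 41 with no valid IPv6 header is still worth a look
            return {"kind": "proto41-malformed", "outer": (src, dst)}
        kind = "6to4" if v6[0] in SIX_TO_FOUR or v6[1] in SIX_TO_FOUR else "6in4"
        return {"kind": kind, "outer": (src, dst), "inner": (str(v6[0]), str(v6[1]))}
    if proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            v6 = inner_ipv6(payload[8:])  # skip the 8-byte UDP header
            if v6 is not None:
                return {"kind": "teredo", "outer": (src, dst), "inner": (str(v6[0]), str(v6[1]))}
    return None


def scan(packets):
    """Run the classifier over a packet list; return only the tunnel findings."""
    return [f for f in map(classify_tunnel, packets) if f is not None]


# --- constructed sample traffic (built here, not captured) -------------------

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def build_ipv6(src, dst, next_header=59):
    """Minimal IPv6 header with no payload (next header 59 = no next header)."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


SAMPLE_PACKETS = [
    # plain IPv4 UDP DNS query: not a tunnel
    build_ipv4("10.0.0.5", "10.0.0.53", IPPROTO_UDP, build_udp(40000, 53, b"\x00" * 12)),
    # 6to4: protocol 41 with an embedded 2002::/16 address, sent to the 6to4 relay anycast
    build_ipv4("10.0.0.5", "192.88.99.1", IPPROTO_IPV6,
               build_ipv6("2002:c000:0205::1", "2001:db8::1")),
    # 6in4 to a tunnel broker: protocol 41 without a 2002::/16 address
    build_ipv4("10.0.0.7", "203.0.113.10", IPPROTO_IPV6,
               build_ipv6("2001:db8:1::7", "2001:db8:2::1")),
    # Teredo: IPv6 inside UDP/3544
    build_ipv4("10.0.0.9", "198.51.100.20", IPPROTO_UDP,
               build_udp(50000, TEREDO_PORT, build_ipv6("2001:0:c633:6414::1", "2001:db8::5"))),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_PACKETS):
        print(finding)
```

The first packet is deliberately left in the list to show that ordinary IPv4 traffic produces no finding; the other three are exactly the cases an IPv4-only firewall or IDS would wave through as unremarkable protocol-41 or UDP packets.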

anti-sec pwnz windows mobile

Those entertaining fellows calling themselves anti-sec claim to have discovered a 0day vulnerability in the Mozilla Fennec Mobile Browser (still trying to figure out how Fennec for Linux has anything to do with Windows Mobile, however):

From: <antisec_at_hushmail.com>
Date: Tue, 14 Jul 2009 03:39:47 -0400

If you have a windows mobile device, it may be bugged.

The government is listening, and we are too.

Blackberries.. poof.

Encryption ciphers.. so last halloween.

We dig and dig until we strike gold.

And here it is.. the one and only…

http://ftp.mozilla.org/pub/mozilla.org/mobile/fennec-1.0a1.en-US.linux-i686.tar.bz2

We upload where we see fit.

Timestamps.. so Internet-explorerish.

If you look hard enough you’ll find a 0day. 0day source warez.

Like we said, we own a windows mobile device and an ice scream
machine.

Bubbles, bubbles.. float on top of water. Eat hotdogs to win the
lotto.

Buy me a blackberry for christmas pops!

With these guys you never know what is up, but you have to admit that their posting is pretty damned funny: http://seclists.org/fulldisclosure/2009/Jul/0151.html.

Wifi Router that cracks your neighbour’s encryption keys

Wily French hackers have hacked together a nifty idea to help combat France’s idiotic HADOPI Law:

A hacker known only as ‘N’ says he has developed some software known as ‘Hadopi Router’, a term first penned by bloggers who devised the concept. ‘N’, who is said to have previously worked manufacturing routers, says he and a few friends wrote ‘Hadopi Router’ in order to prove that the evidence gathered by the Hadopi agency is unreliable.

“It locates Wi-Fi networks in the neighborhood, then begins to crack all their passwords,” says ‘N’. “Once we have the keys, we can create a virtual access point,” which in basic terms means using the Internet connection without the account holder’s knowledge.

‘N’ says that if an ‘owned’ router has its password changed, the system automatically switches to another Wi-Fi signal in the neighborhood and starts to attack the new password.

Additionally, ‘N’ claims that with Hadopi Router it is possible to monitor activity on the cracked networks but one of his accomplices called ‘V’ says they have no bad intentions.

“We just want to release our software and allow everyone to understand that the technical data used by the Hadopi agency to accuse people will not be reliable. Because of us, the judges will not be able to say that they weren’t aware of that.”

‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.

Of course, many wireless routers already have either a complete lack of security or weak WEP encryption enabled, making them sitting ducks for drive-by infringements or less casual ones conducted by neighbors within range.

An IP address does not necessarily identify an individual, in fact one could argue that in many instances these days it doesn’t even identify a computer but merely a gateway to a sub network, behind which could be any number of individuals not linked in any way to a bill payer.

Read the whole article here.