Tuesday, 31 October 2006

Pod Slurping

The most popular MP3 player, the Apple iPod, has sold 60 million units since 2001. In addition to the iPod there are many different and competing products in the portable music player space.

From a security standpoint the one thing they have in common is the ability to be plugged into a computer and copy huge amounts of data, possibly confidential data, onto the device in a matter of a few minutes. This can be done very discreetly and easily.

A common misconception is that if the outside perimeter of your network is secured with firewalls and routers, then your network is safe. Very little thought is given to the security of computers and data inside the perimeter, and yet around 50% of all security breaches occur from inside the corporate firewall.

This is a very real problem, with no easy solution. If you are in charge of security for your organisation then it’s a problem you will want to address, as it will not go away. These portable devices are getting smaller and their capacity is increasing.

One solution I am currently looking at is EndPointSecurity from GFI. It is not cheap, but then it probably costs a lot less than trying to fix the problems caused by your confidential data getting into the hands of your competitors.

“There’s a 4:30 in the morning now?” - Bart Simpson

Monday, 30 October 2006

Penetration Testing: An Overview

Introduction
Penetration Testing is an attempt to break the security of a computer system or network, under instruction from the owners or maintainers of that facility. It is an attempt to simulate a break-in by a computer-savvy criminal. A Penetration Test gives a snapshot of the security at a moment in time, and is not a full security audit.

If a criminal attempts to breach your computer network they will generally follow a sequence of five steps:
        Reconnaissance
        Scanning
        Gain Access
        Maintain Access
        Cover Tracks

It therefore makes sense that a Penetration Test follows a similar, although obviously not identical, sequence of events.

Planning and Preparation
This stage involves a meeting between the Penetration Tester and the Client. Key areas to be covered are: Scope, Objective, Timing and Duration. In addition, documents must be signed to protect both the Penetration Tester and the Client, generally in the form of a Non-Disclosure Agreement (NDA).

Information Gathering and Analysis
This next stage involves the Penetration Tester finding as much information as possible about the company he will be asked to target. His first stop will probably be the company’s own website; from there he may consult services such as www.netcraft.com and Google Groups. The information he is looking for is Domain Names, Server Names, ISP Information, Host Addresses and anything else that will help him build a picture of the target. The second part of this process involves Port Scanning and OS Fingerprinting.

Vulnerability Detection
If Stage 2 has been successful then the Penetration Tester now has all the information he needs to decide which hosts to target, and with which vulnerabilities. Some techniques he may use at this stage include Password Cracking, SQL Injection, Rootkits, Social Engineering and Physical Security.

Analysis and Reporting
This is where the Penetration Tester reports back to his Client. The information he is going to present to the client includes the following:
        An Overview of the work done
        Detailed Analysis of all Vulnerabilities
        Summary of Successful Penetration Attempts
        Suggestions for the next step

Finish Up
This is where the Penetration Tester makes sure that anything he has done in the course of his work will have no effect when he has finished. For example he will remove any backdoors and additional user accounts that he has created, leaving the system how he found it.

The above is a quick overview only of the procedures that may be followed by a Penetration Tester while undertaking their assignment.

Research
Conducting a Penetration Test on an Organisation: Chan Tuck Wai 2002
Penetration Testing and Network Defence: Andrew Whitaker and Daniel Newman 2005

“Don’t eat me! I have a wife and kids. Eat them!” - Homer Simpson

Tuesday, 17 October 2006

Skype Home Security !

Here’s a tip I picked up from Lifehacker.

How to use Skype as a ‘Dial In Home Security System’

1) Open two New Accounts.

2) On Account 1 add Account 2 as your ONLY contact.

3) Log in again as Account 1 and set the following:
        Go to Tools-->Options-->Advanced-->(tick) Automatically Answer Incoming Calls,
        then go to Tools-->Options-->Video-->(tick) Start Video Automatically and Only People in My Contacts-->Save.
Leave this account online.

4) Log in as Account 2 from another Computer.
Call Account 1; it will now answer and start the video running. Anyone else calling this account will not get it activated or see your private webcam.

Pretty Cool

"It is difficult to say what is impossible, for the dream of yesterday is the hope of today and the reality of tomorrow." - Robert H Goddard

Sunday, 15 October 2006

Living Congruently

Apparently, according to Steve Pavlina, the key to living congruently is aligning yourself so that the following four questions all produce the same answer:

        What do you want to do ? (Desire)
        What can you do ? (Ability)
        What should you do ? (Purpose)
        What must you do ? (Need)

It’s a little like searching for the Holy Grail !

"It is best to do things systematically, since we are only human, and disorder is our worst enemy." - Hesiod

Sunday, 24 September 2006

Netstat, Built in SuperTool !

Netstat is a command line utility that is built into pretty much all the currently popular Operating Systems, Windows, OSX, Linux, Unix etc. Netstat literally shows you your NETwork STATus, including information such as what ports and programs are doing what and to whom ! In this post I intend to give a brief description of Netstat as it applies to Windows XP and Mac OSX.

As a command line program on XP you need to run Netstat within the MSDOS Prompt (Command Prompt), and on the Macintosh you need to open the Terminal program. To run the basic Netstat program on XP you type ‘netstat’ at the command prompt, and on the Mac ‘netstat -f inet’. The difference is that the Mac, being Unix based, shows a lot of additional (and in most cases unnecessary) information relating to Unix sockets unless you restrict the output to just the Internet related information.

The key information displayed by Netstat is as follows:
Protocol (TCP / UDP)
Socket (Local Address and/or Port)
Remote Address
State

It’s worth noting that under OSX you can use the ‘man netstat’ command to see detailed information relating to the Netstat program, and under XP ‘netstat /?’.

Under XP, if you would like to see which process or program is using a given connection, you can do this with the ‘-b’ parameter. When looking at the output from Netstat, the IP address 127.0.0.1 or the word localhost both mean your local machine; if 0.0.0.0 is shown, this means any IP address (the socket is bound to every local address).

By default Netstat shows only current connections and connections that were recently closed. To see ports that are LISTENING, i.e. open ports, start Netstat with the ‘-a’ parameter. This parameter works on both XP and OSX; on OSX the open ports are shown with a state of LISTEN and on XP as LISTENING. Note that these are open ports on your own machine, and because the majority of people are behind a NAT router this does not necessarily mean that these ports are exposed to the internet. For information about which ports are exposed to the internet by your router, point your browser at www.grc.com and select the Shields Up option.

Netstat is a very powerful and useful program. Look at the help and play with the options, take control of your machine and understand what’s going on in the background.
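As an added example (not from the post), here is a small parser for the two netstat layouts described above, XP with host:port and a LISTENING state and OS X with host.port and a LISTEN state; the sample output it runs on is constructed, not captured from a real machine.

```python
# Added example (not from the post): a parser for the two netstat layouts the post
# describes, XP (host:port, state LISTENING) and OS X (host.port, state LISTEN).
# Both samples below are constructed, not captured from a real machine.

XP_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1071       198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

OSX_SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.7.49213      198.51.100.7.80        ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
udp4       0      0  *.5353                 *.*
"""

LISTEN_STATES = {"LISTEN", "LISTENING"}


def parse_netstat(text):
    """Return (proto, local_host, local_port, state) for every connection line."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].lower().startswith(("tcp", "udp")):
            continue                     # column headers and other chatter
        proto = f[0][:3].upper()
        if ":" in f[1]:                  # XP: Proto Local Foreign State
            local, state = f[1], (f[3] if len(f) > 3 else "")
            host, port = local.rsplit(":", 1)
        else:                            # OS X: Proto Recv-Q Send-Q Local Foreign (state)
            local, state = f[3], (f[5] if len(f) > 5 else "")
            host, port = local.rsplit(".", 1)
        if host in ("0.0.0.0", "*"):
            host = "any"                 # bound to every local address
        rows.append((proto, host, int(port), state))
    return rows


def listening_ports(text):
    """Sorted (proto, host, port) of ports open on this machine. UDP has no state
    column, so an unconnected UDP socket counts as open."""
    return sorted({(p, h, port) for p, h, port, st in parse_netstat(text)
                   if st in LISTEN_STATES or (p == "UDP" and not st)})
```

These are ports open on the machine itself; as the post notes, a NAT router may still keep them hidden from the internet.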

"When you get to the end of your rope, tie a knot and hang on." - Franklin D Roosevelt

Saturday, 23 September 2006

Splitting a Key for Security

You may wish at some point to issue a key, maybe the passkey that unlocks some encrypted information, in such a way that it is only by two individuals coming together and agreeing to exchange their unique information that the key can be determined, and the information unlocked.

The obvious solution, in the case of a 128 bit key, is to split the key in half and give each individual 64 bits. This solution is of course not good, as each half of the key is now only half the strength of the original key, and 64 bits is no longer strong enough. You are effectively halving the strength of your encryption.

A useful solution is to envisage a graph; the key is a point on that graph. The information given to each of the ‘key holders’ is a coordinate on that graph. Only when in possession of both coordinates can a line be drawn between the two. Continuing that straight line through the Y axis reveals the full key.

Simple and ingenious. Credit to Steve Gibson at www.grc.com for discussing this issue.
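One way to implement the line-through-two-points idea, as an added example that is not part of the original post: each holder gets one point on a random straight line whose Y-axis intercept is the key, and the arithmetic is done modulo the Mersenne prime 2^521 - 1 (my choice, large enough for any 128 bit key) so that a single coordinate is consistent with every possible key, which is exactly why it is not ‘half the key’.

```python
import secrets

# Two-of-two key splitting as a line through two points (added example).
# The key is the line's intercept with the Y axis (x = 0); each key holder gets
# one point (x, y) on a random line y = r*x + key. All arithmetic is modulo a
# prime P (assumption: the Mersenne prime 2^521 - 1, bigger than any 128 bit key).
P = 2**521 - 1


def split_key(key, slope=None):
    """Return two shares (x, y) of `key`; both are needed to recover it."""
    if not 0 <= key < P:
        raise ValueError("key must be smaller than the field prime P")
    r = secrets.randbelow(P) if slope is None else slope  # random slope, never stored
    return [(x, (r * x + key) % P) for x in (1, 2)]


def recover_key(share_a, share_b):
    """Draw the straight line through the two points and read the Y-axis intercept."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("shares must have distinct x coordinates")
    # intercept = (y1*x2 - y2*x1) / (x2 - x1); division is a modular inverse
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P


def consistent_with_one_share(share, candidate_key):
    """A single point fits ANY candidate key: some slope passes through both
    (x, y) and (0, candidate_key). One share therefore leaks nothing, unlike
    64 bits of a 128 bit key, which leaves only 64 bits to guess."""
    x, y = share
    r = (y - candidate_key) * pow(x, -1, P) % P   # slope that would make it fit
    return (r * x + candidate_key) % P == y
```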

Marge: Homer! There’s someone here who can help you…
Homer: Is it Batman?
Marge: No, he’s a scientist.
Homer: Batman’s a scientist!
Marge: It’s not Batman!

Thursday, 14 September 2006

Wiretapping, No Warrant Needed !

Only In America. Surely. I Hope.

The Senate Judiciary Committee approved a bill that not only authorizes, but extends, US warrantless wiretapping. No accountability. No oversight. No definition of 'terrorist.'

See the full story here.

My opinion? The beginning of a very slippery slope ...

Barney: Hello, my name is Barney Gumble, and I’m an alcoholic.
Lisa: Mr Gumble, this is a girl scouts meeting.
Barney: Is it, or is it you girls can’t admit that you have a problem?

Thursday, 7 September 2006

Bump Keys

It seems that the public in the US and the UK are now becoming aware of ‘Bump Keys’. This information has been public knowledge in countries such as Germany for quite a while; I personally was first exposed to them a few months ago during a security training course. Basically, a Bump Key is a key that is cut shorter and with the cuts deeper than normal. The key can then be inserted in a lock, tapped with a hammer, and the door opens.

There are two major issues here: firstly, the fact that these Bump Keys can open almost any lock, and secondly, the fact that there is no evidence of them being used. This could mean that your insurance company believes that the original key was used to open the lock and then refuses to pay out.

Here is a link to the video that shows how Bump Keys work. It’s the one that I saw myself a while ago, I believe it is German in origin but it is subtitled in English.

Apparently locks made by Medeco and Abloy are resistant to the Bump Keys. I am not sure if these are available in the UK however. I guess it just goes to show that the criminals are always one step ahead and all we can do is play catch up as best we can ...

I believe the first time this technique was published was in the Chaos Computer Club magazine in 2005. Certainly this is the earliest reference I can find. The best article I can find on this subject is by Security Expert Mark Weber Tobias and is available on this link.

"Books are the quietest and most constant of friends; they are the most accessible and wisest of counsellors, and the most patient of teachers." - Charles W Eliot

Monday, 4 September 2006

Incredible Guitar Playing

Have a look at this. Awesome. This is the same song played by the guy who composed the arrangement. Even more Awesome !

“You know, the courts may not be working any more, but as long as everyone is videotaping everyone else, justice will be done.” - Marge Simpson

Thursday, 31 August 2006

Secure Session Keys

When setting up a secure connection across the internet, for example between your browser and your online banking site, the key used to create the encryption has to be negotiated ‘in the clear’. What would be the point of setting up an encrypted secure channel when the key had previously been sent across the network for anyone to see? Of course the key isn’t sent across the network, and the following document describes *very simply* how this key negotiation is done without the actual key being sent over the network, where of course it could be seen by anybody running Ethereal or similar network sniffing software.

The method shown below is based on the Diffie-Hellman Key Exchange which was first published in 1976. See NOTE at the end of this document.


The values transmitted openly across the network are STARTNUM, CLI_PUBNUM and SVR_PUBNUM; everything else stays on the Client or the Server.

Client tells Server the starting number. This is a prime number generated at random.

Client tells Server:                 STARTNUM = 5

Client then picks another random number that is not disclosed.

Client Secret Number:                CLI_SECNUM = 6

Client does the following maths:     STARTNUM^CLI_SECNUM = 15625

Client tells the Server:             CLI_PUBNUM = 15625

Server picks a random number that is not disclosed.

Server Secret Number:                SVR_SECNUM = 3

Server does the following maths:     STARTNUM^SVR_SECNUM = 125

Server tells the Client:             SVR_PUBNUM = 125

Client does the following maths:     SVR_PUBNUM^CLI_SECNUM = 3814697265625

Server does the following maths:     CLI_PUBNUM^SVR_SECNUM = 3814697265625


The Client and Server now have a number (3814697265625), a key, that can be used to encrypt any further transmissions between them.

So the key that was calculated in public is secret and known only to the Client and Server. This works because exponentiation is not affected by the order in which the powers are applied (the ‘power associative’ property: (STARTNUM^a)^b = (STARTNUM^b)^a), and it is virtually impossible for a 3rd party, using the data available to it (5, 15625 and 125), to calculate the secret key, as it is missing the equally important data of 6 and 3 (the secret numbers).

In reality, though, the real strength of this method lies in the size of the numbers that are used. Our example uses very small numbers so that the maths is easily checked; a real world example would use numbers into the billions, depending on the bit length of the encryption used. The typical length of encryption used for this type of key exchange would be at least 512 bits.

NOTE: In actual fact the Diffie-Hellman Key Exchange works as shown above with the addition of a second prime number used in conjunction with the STARTNUM; this second number is a primitive root modulo. I have avoided this in the calculations shown above for the sake of clarity.
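The exchange above in code, as an added example that is not part of the original post: with no modulus it reproduces the post’s arithmetic exactly, and with a prime modulus it becomes the standard Diffie-Hellman form the NOTE refers to, where the arithmetic is done modulo a prime p and STARTNUM is a primitive root mod p. The function names and the toy parameters p = 23, STARTNUM = 5 are my own and not from the post.

```python
# Added example: the post's exchange in code. With modulus=None it is exactly the
# post's arithmetic; with a prime modulus p it is the standard Diffie-Hellman form
# the NOTE mentions, where STARTNUM is a primitive root mod p. Function names and
# the toy parameters p=23, STARTNUM=5 are my own, not from the post.

def public_number(start, secret, modulus=None):
    """What each side sends: STARTNUM^SECNUM (reduced mod p when a modulus is given)."""
    return pow(start, secret, modulus) if modulus else start ** secret


def shared_key(peer_public, secret, modulus=None):
    """Computed privately by each side: the peer's public number ^ own secret."""
    return pow(peer_public, secret, modulus) if modulus else peer_public ** secret


def exchange(start, cli_secret, svr_secret, modulus=None):
    """Run both sides; return (CLI_PUBNUM, SVR_PUBNUM, key). Only start, modulus
    and the two PUBNUMs would ever be visible to someone sniffing the network."""
    cli_pub = public_number(start, cli_secret, modulus)
    svr_pub = public_number(start, svr_secret, modulus)
    key_at_client = shared_key(svr_pub, cli_secret, modulus)
    key_at_server = shared_key(cli_pub, svr_secret, modulus)
    # (STARTNUM^a)^b == (STARTNUM^b)^a, so both sides land on the same number
    assert key_at_client == key_at_server
    return cli_pub, svr_pub, key_at_client


if __name__ == "__main__":
    # The post's numbers: STARTNUM = 5, CLI_SECNUM = 6, SVR_SECNUM = 3
    print(exchange(5, 6, 3))              # (15625, 125, 3814697265625)
    # Modular form with constructed toy parameters; real use needs p of 512+ bits
    print(exchange(5, 4, 3, modulus=23))  # (4, 10, 18)
```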

“So then I said to the cop, ‘No, you’re driving under the influence … of being a jerk.’” - Lenny Leonard