Eon Security Blog
Eon Security Blog » MITM, almost: Redux
Apparently one of my OpenWRT boxes still uses OpenDNS. I was checking my GoDaddy account when a Mozilla Firefox security error popped up. Note the https at the end of the host. I didn't accept the certificate since I was already logged in. Unfortunately it didn't happen again, so I was not able to verify. Was it a one time or … [Link]
Eon Security Blog » ICC stack-security-check
Recently I've been playing with the Intel C++/C Compiler. Code produced by the compiler is reportedly optimized better than GCC's. I'd say it's overrated and only gives a perceived speed increase for common use. I noticed that by default it produces AT&T assembly instead of Intel. Anyway, I'm more interested in its security feature.
$ icc -help
…
-fstack-security-check enable overflow [Link]
Eon Security Blog » DDoS progress
The Gala Coral Group reported that last year their gambling sites got hit by a 10Gb DDoS attack. The Information Security Officer spoke at the recently concluded e-Crime Congress 2008. I'm not sure of the exaggerations, but an interesting part is: Attackers disguised the build up of traffic from up to 30,000 PC and Apple Mac botnet computers during the attack … [Link]
Eon Security Blog » Recycle
Easily recycle thousands of compromised boxes using these easy steps: search for commonly used defacer messages, pick a defaced site, find out how they got in, patch the entrance (optional), repeat. Because of forgotten, never updated web applications lying around web directories, those steps can be very effective. Some defacements can go undetected for many years. If someone can create or edit files in web [Link]
Eon Security Blog » MITM, almost
Yesterday I wanted to check my bank balance. I clicked on my bank's e-banking interface but was presented with what looks like a self-signed certificate warning. Not a good sign, as this means a possible MITM. For comparison, the self-signed certificate is here. A legit certificate from the bank is here. I proceeded to accept the self-signed certificate to see … [Link]
Eon Security Blog » Holes
A week ago the OpenBSD 4.2 errata page was updated with two fixes or vulnerabilities, depending on who you ask. In case you are not aware, OpenBSD doesn't have formal or official security advisories. You have to check the errata page for security vulnerabilities.
008: RELIABILITY FIX: February 25, 2008 All architectures
Malformed IPv6 routing headers can cause a kernel panic.
007: … [Link]
Eon Security Blog » Violent Upgrade Cycle
A RedHat fan visited the NASA Telescience Lab to check out the RHEL and Fedora Core installations. One of the pictures caught my attention. If it ain't broke, don't upgrade it, right? Actually, one of the guys in the lab told me they are in the process of upgrading to Fedora 8 and playing with 9 alpha. This machine is possibly http://countdown.ksc.nasa.gov/. … [Link]
Eon Security Blog » Big Mac
PayPal warns against using Apple's Safari: Safari doesn't make PayPal's list of recommended browsers because it doesn't have two important anti-phishing security features, according to Michael Barrett, PayPal's chief information security officer. Perfectly valid reasoning. A couple of Mac users cannot seem to understand the precaution suggested. In other news, Apple customer service [Link]
Eon Security Blog » Revisiting OOB
I was reading the entry for TCP at Wikipedia; one thing that caught my attention is the description of Out of Band data. The verbatim description: You are able to interrupt or abort the queued stream instead of waiting for the stream to finish. This is done by specifying the data as urgent. This will tell the receiving program to process … [Link]
Eon Security Blog » Point and Click Trojan
SharK definitely dumbs down Trojan creation; it requires no programming skill at all. It allows for the creation of malware with features such as: encryption, polymorphism, custom payloads, virtual machine detection, compression, debugger detection, password mining, remote management, software inventory, active process and network connection information, capture desktop and webcam images, record audio, log keystrokes, analyze [Link]
Eon Security Blog » Posix File Capabilities
I mentioned before that suid binaries are getting scarce. In Linux, POSIX file capabilities have been implemented since 2.6.19-rc5-mm2. They were introduced into mainline in 2.6.24-rc2. As an example, let's look at the ping program. As you may know, ping needs CAP_NET_RAW to generate raw packets, and the old practice is to make the ping executable binary suid root. Tinyping is a … [Link]
Eon Security Blog » Post Valentine DDoS
As seen from various sources such as Arbor, Shadowserver and a couple of gambling sites, DDoS is back in the limelight. Gambling sites have been getting hit since around Valentine's Day. I've noticed small 12-hour attacks from Feb 13-15 on a couple of gambling sites hosted here in the Philippines. I reckon the attack is not directed at the sites I'm monitoring … [Link]
Eon Security Blog » No credit = exploit
Because Microsoft refused to credit the researcher who reported MS08-011/CVE-2008-0108, a corresponding exploit was publicly released. A person or group going by the name chujwamwdupe chujwamwdupe posted the exploit to Full-disclosure. Unfortunately, Microsoft has refused to credit you using the name you requested. I think there's a mixup in the iDefense Labs advisory, unless sillypea is [Link]
Eon Security Blog » Top 10 Podcast Episodes
Over the years I have compiled my favorite security podcast episodes. Here is my list of top ten shows. Most of these episodes are interviews. Here they are, in no particular order: The Silver Bullet Security Podcast, Show 013 - An Interview with Ross Anderson. Gary McGraw interviews Ross Anderson, author of the book Security Engineering. He is one of the … [Link]
Eon Security Blog » OpenDNS proxying
An old issue but new to me. Their supposed reason for doing this is ridiculous.
$ dig @resolver1.opendns.com www.google.com
; <<>> DiG 9.4.1-P1 <<>> @resolver1.opendns.com www.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3375
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
; [Link]
Eon Security Blog » Coredumps
I noticed a design error similar to CVE-2007-6206 in DragonFly BSD. It is reported that OpenBSD and FreeBSD exhibit the same.