Recently in security Category

The competition is now officially over and I have to say it was AWESOME!

Those that made it to BruCON had a chance to play it, those that came to SANS London 2009 also had their fun, all the rest of you - bad luck :-/ maybe next time.

The Hex Factor was run for four evenings/nights at The Fox Bar and Restaurant located literally next to the Excel center where SANS courses were hosted. What can be better than beer, hacking and a spirit of competition?!

Tasks set by the authors were varied in difficulty and topics they covered. One category was about history and culture of hacking with a bit of general teaser tasks and was called Once Upon A Time, like finding a name of candy shop at <street name>, so that was a soft introduction.

My favorite category was Out Of The Box category (also known as Pure Leetness), where questions were really 'out of the box' and solving them was the best fun I had for a long time! First 100 points for finding a number 'hidden' in the message was really simple and here's how I did it:



I didn't have time to do the one for 200 points, but finally after some time I managed to solve the 300 points one - finding a secret number hidden in the PDF file - hats off to Didier Stevens for this task - it was amazing! Didier's blog was a great guide and help in the process.

Well... my plan to blog live from the CONFidence was good but still remained to be more of a plan than a reality. Twitting went much better (possibly because you can twitt between chats with people, drinks, etc) so I'll wrap up what happened and how it went.

The conference was great - I really liked the lectures (those I actually made to), loved the chat with speakers and it was awesome to meet some old friends and make some new contacts. Overall, if you didn't come to Warsaw for CONFidence09.02 you missed quite a lot.

Day 1 summary
There was very nice presentation by Felix "FX" Lindner on how 'awesome' Cisco IOS is, Claudio Criscone (@paradoxengine) talked about security in virtualization environments, Frank Breedijk renamed hist AutoNessus to Seccubus (new twitter feed at @seccubus), Leonardo NVE Egea showed us how you can use the satellites to work as your downlink (and it seemed much easier than actually you would think), Pavol Luptak pretty much owned the RFID there (yes, the basic cloning kit is just €30), Elisa dropped the pressure a bit with Power Point Karaoke where Felix "FX" Lindner was presenting about detecting unknown alcohols, Raoul Chiesa gave great presentation about knitting (yes, knitting) and I was rolled into a presentation about IT slang/acronyms and there was something about insulting someone :-) and that was just the first day.

Day 2 summary
For those that survived the 'afterparty' on the evening/night/morning you had a chance to see nice explanation of the cold boot attack given by Nadia Heninger, Nick DePetrillo discussed 'what could go wrong' with intelligent power grids and believe me... there's a lot! Jacob Applebaum (@ioerror) gave us some TOR love and a lot of TOR laptop stickers. Alessio "mayhem" Penasilico (@mayhemspp) and Raoul Chiesa gave nice presentation on history of hacking telcos - there was some good info there... just before Raoul killed it all with final presentation dissecting the underground economy (with some slides show just after the cameras and other recording equipment was turned off). That was a really good one...

Finishing off, Frank has posted a bunch of posts about presentations we saw in Warsaw. They are:

• Fusing 3rd party threat feeds to obtain better threat intelligence - Eddie Schwartz
• Router Exploitation - Felix "FX" Lindner
• My Seccubus slide deck (slides from Frank's presentation)
• My TLS renegotiation vulnerability slides (Frank's lightning talk during one of the breaks)
• Mifare Classic anaysis - Pavol Luptak
• Power Hungy People - Nick DePetrillo
• The Tor Project - Jacob Appelbaum
• Underground economy - Raoul Chiesa
  

That's it for now - just make sure you get there next time :P

Almost half of the day at CONFidence09.02 has already passed. Some interesting stuff of course...

Starting with Dragorn's and RenderMan's "Wireless threats; They're not dead yet!" we've heard once again how bad and how dead WEP really is. Good refresher for some people I guess. Best part was discussing client side attacks via wifi - airpwn style but without goats this time, using malicious JS with such a nice feature like browser side caching, defeating SSL, hiding all of that in plain sight with call-home feature that will be very hard to notice in most of environments.

Then I skipped several presentations - I really needed a reboot :-)

Next one I made to was Felix "FX"Lindner talking about how sweet hacking Cisco IOS can be. Frank (@autonessus) has already blogged about this one so I'll just put a few notes here.

• Cisco's HTTP admin interface runs off their understanding of HTTP and not Apache.
• IOS doesn't have recovery procedure for software crashes due to it's monolithic structure - the only remedy is to reboot the whole box (quite easy to spot even by untrained admin - the networkz are down!) which takes time (even several minutes).
• Cisco has added TCL scripting in some versions of IOS :-)

More to follow... and yes, we use #confidence0902 as hashtag.

Came out of a blue - no context, nothing... BTW - we've got new URL shortening service.
All would be almost 'fine' but WTF is that? Not that I wouldn't guess but I'm just curious how owned you can get :-)

As a matter of fact, you can get owned pretty bad and what I've seen I would expect to be just a starter... the main course is coming soon!

The news of the day in Poland is that wykop.pl - polish site doing the same stuff as digg.com - got owned in a pretty bad way - database with user's login credentials and e-mail addresses was stolen. This post is a result of gathering info from public sites (in Polish - mostly off Dziennik Internautow which gave nice coverage) so all of it is already in public domain - otherwise I wouldn't quote any fragments or call on any information given here.

Info about breach goes public

Following what Dziennik Internautow wrote in their post, on 5 Sep 2009 a person using nickname Gimbus1xD has informed administrators of wykop.pl about the breach (no link - original post taken down) and about the fact, that some of the information stolen was already used to compromise account held with other websites, including allegro.pl (auction system like eBay). To prove his revelations, Gimbus1xD posted also screen shots of compromised Allegro account with transactions that happened two days earlier and another one with PHPMyAdmin browsing 'users' table.
 
The scary part here is that as Gimbus1xD wrote, about 40% of those passwords have been broken (despite being hashed) with simple dictionary and brute-force attacks because passwords were up to 7 characters long.

Allegedly the database is in the hands of vichan.net admins, which again allegedly shared 'unhashed' database with their moderators - including Gimbus1xD, who broke the news. So far it's not clear what made Gimbus1xD change his mind and make this information public.

That's not yet the end...