USB Killer

2015.03.11

The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the field transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down. Those familiar with the electronics have already guessed why we use negative voltage here. I’ll explain to others that negative voltage is easier to commutate, as we need the N-channel field resistor, which, unlike the P-channel one, can have larger current for the same dimensions.

via USB Killer.

Inconvenient Message Detection

2015.03.02

via http://topchicksdigengineeringguys.blogspot.com/2015/03/the-inconvenient-message-detection-imd.html

Steganography that requires computing effort. Steganography is the idea of hiding data in the unimportant bits of an image. This is an old idea. The new twist is that with ‘Inconvenient Message Detection’ (IMD) that data can only be found if the decoder does an amount of computational work that’s decided by the encoder.

Let’s look at how this solved our problem: If some people use IMD, it makes every image suspect. When a mass-observer wants to see what communication is going on, they must use compute power to check every image. Furthermore, because the compute effort needed to find an image is set by the encoder, it is uncertain to the mass-observer; they never know for certain if they’ve worked hard enough. By contrast, the intended recipient of a message presumably got the single datum that a message exists in some public image and will put in as much compute effort as is needed to find the data in that single image. Having every image on the internet be a potential carrier of secrets makes the mass observation of communication meta-data expensive and uncertain.

Furthermore, even an individual under direct observation can increase their protection with IMD. An individual may own thousands of images of which only one contains a secret. Until the secret is found by an observer, the individual has plausible deniability of the secret’s existence. The observer may even give up before spending the necessary compute effort to find it. This increases their resistance to coercion.
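The IMD idea described above, as an added toy illustration (not the linked blog's code and not a reference design): payload bits go into pixel LSBs at key-chosen positions, and the key is stretched through a SHA-256 iteration count that only the encoder picks, so the decoder must pay one hash per candidate count until a marker verifies. Assumed for the sketch: a shared key, a payload length the recipient knows, a constructed 4-byte marker, and a random byte list standing in for a greyscale image.

```python
import hashlib
import random

MARKER = b"IMD1"  # constructed tag: lets the decoder recognise a successful decode

def stretch(key: bytes, iterations: int) -> bytes:
    """Work function: iterated SHA-256. Only the encoder knows `iterations`."""
    digest = key
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest

def positions(seed: bytes, n_pixels: int, n_bits: int) -> list:
    """Pixel indices whose LSBs carry the payload, chosen by the stretched key."""
    return random.Random(seed).sample(range(n_pixels), n_bits)

def embed(pixels: list, key: bytes, iterations: int, message: bytes) -> list:
    """Encoder: hide MARKER+message in LSBs; the iteration count is never sent."""
    bits = [(b >> i) & 1 for b in MARKER + message for i in range(8)]  # LSB-first
    out = list(pixels)
    seed = stretch(key, iterations)
    for pos, bit in zip(positions(seed, len(out), len(bits)), bits):
        out[pos] = (out[pos] & ~1) | bit
    return out

def extract(pixels: list, seed: bytes, length: int) -> bytes:
    """Read MARKER plus `length` bytes from the LSBs selected by `seed`."""
    n_bits = 8 * (len(MARKER) + length)
    bits = [pixels[p] & 1 for p in positions(seed, len(pixels), n_bits)]
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, n_bits, 8))

def search(pixels: list, key: bytes, length: int, max_iterations: int):
    """Decoder: returns (iterations, message), or None when the budget runs out.

    An observer who stops early cannot tell "no message" from "not enough work"."""
    digest = key
    for k in range(1, max_iterations + 1):
        digest = hashlib.sha256(digest).digest()  # same cost the encoder paid
        data = extract(pixels, digest, length)
        if data.startswith(MARKER):
            return k, data[len(MARKER):]
    return None

def demo_pixels(n: int = 4096, seed: int = 7) -> list:
    """Constructed stand-in for a greyscale image: n random byte values."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]
```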

furbo.org · Grass Mud Horse

2015.01.29

The Chinese government is not only being deceitful with IP addresses, they’ve also begun cracking down on a mechanism that lets its citizens avoid the bullshit: VPN. Grass Mud Horse!

This action, combined with the DDoS floods, is beneficial to a government that’s intent on isolating its citizens from the free and open Internet. They make it hard to get a packet out of China, but even if you succeed, it’s likely to be blocked by a server that’s been victim of their DDoS.

On the surface, this seems like a good strategy for creating your own private Internet: a network where no packets can enter the west or leave the east.

via furbo.org · Grass Mud Horse.

I’ve been seeing a lot of probes in my logs — mostly search engines, but a fair bit that wasn’t — from China. And here you go.

DDoS attacked using Chinese torrents

2015.01.23
Categories : News

Automatically reverting configuration mistakes in JunOS and IOS

2015.01.09

The old joke goes: I don’t make mistakes. I thought I did once, but I was wrong.

But here’s how to save yourself from mistakes when configuring a JunOS or IOS device:

JUNOS is easy: “commit check”, “commit confirmed” and the handy “rollback”. Frankly, if you’re on a JUNOS device, you should already know about these.

But how to do the same on IOS? Cisco’s configurations happen as soon as you hit enter on the config, right?

Here’s how:

  • The brute force method: “reload in 5”. Write your proposed changes in notepad++ (or notepad.exe if you insist). Log in to the device that you’re going to change, and before you do any of your changes, run “reload in 5”. Then, make your changes. If you did something boneheaded that will disable the device or your connection to it, the device will reload from its startup-config in 5 minutes, effectively erasing your running-config.

Of course, if this is a shared device, you’ve taken everyone offline for the time it takes the device to reboot. Or maybe you don’t want your config saved to start-config as a security measure*. So what do you do in order to prevent a reboot and still maintain the ability to revert a recently made change? Ah, you’ll be wanting the somewhat more sophisticated method 2:

  • First, turn on archive:

cisco-router#configure terminal
cisco-router(config)#archive

then configure a path for where it’ll be stored and save that:

cisco-router(config-archive)#path usbflash0:backup-config
cisco-router(config-archive)#end
cisco-router#write mem

Now you should be able to use “configure terminal revert time 5” which is IOS’ functional equivalent of JUNOS’ “commit confirmed 5”:

cisco-router#conf t revert time 5

Here it will tell you that your config is being backed up to where you told it to and that the config will be rolled back in 5 minutes. So make your changes:

cisco-router(config)#int gig 0/0
cisco-router(config-if)# shutdown

If everything is good, “configure confirm” to keep the change:

cisco-router(config-if)#end
cisco-router#configure confirm

For the truly worried, use both methods: “reload in 10” and “revert in 5”. If the revert doesn’t work, the reload will (this will still take down the router, but hey…)
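The safety net behind “revert time N” / “configure confirm”, modelled on a plain config file as an added example (this is not Cisco or Juniper code, and it models only the revert method, not the reboot of “reload in”): begin() archives the known-good file and arms a timer that restores it, confirm() disarms the timer and keeps the change. The file contents and the short timeout are constructed for the demo.

```python
import shutil
import tempfile
import threading
import time

class GuardedChange:
    """begin() ~ 'configure terminal revert time N'; confirm() ~ 'configure confirm'."""

    def __init__(self, path, seconds):
        self.path, self.seconds = path, seconds
        self.snapshot = path + ".revert"  # plays the role of the archive path
        self.timer = None

    def begin(self):
        # Archive the known-good config, then arm the revert timer.
        shutil.copyfile(self.path, self.snapshot)
        self.timer = threading.Timer(self.seconds, self._revert)
        self.timer.start()

    def _revert(self):
        # Fires only if confirm() never came: put the archived config back.
        shutil.copyfile(self.snapshot, self.path)

    def confirm(self):
        if self.timer is None:
            raise RuntimeError("no guarded change in progress")
        self.timer.cancel()  # disarm: the running change becomes permanent
        self.timer = None

def demo(seconds=0.2):
    """Two runs on a constructed config file; returns the contents after each."""
    with tempfile.NamedTemporaryFile("w", suffix=".cfg", delete=False) as f:
        f.write("interface gig0/0 no shutdown\n")
    # Run 1: a bad change, the operator loses the session and never confirms.
    g = GuardedChange(f.name, seconds)
    g.begin()
    with open(f.name, "w") as cfg:
        cfg.write("interface gig0/0 shutdown\n")
    time.sleep(seconds * 3)
    with open(f.name) as cfg:
        after_timeout = cfg.read()
    # Run 2: the operator confirms before the timer fires, so the change stays.
    g = GuardedChange(f.name, seconds)
    g.begin()
    with open(f.name, "w") as cfg:
        cfg.write("interface gig0/0 mtu 9000\n")
    g.confirm()
    time.sleep(seconds * 3)
    with open(f.name) as cfg:
        after_confirm = cfg.read()
    return after_timeout, after_confirm
```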

Categories : HowTo  Networking  Security

Newly published NSA documents show agency could grab all Skype traffic | Ars Technica

2014.12.31

The full capture of voice traffic began in February of 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request.

via Newly published NSA documents show agency could grab all Skype traffic | Ars Technica.

Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash

2014.11.14

Around 2005, crooks discovered that the default factory-set master passcodes for the Tranax and Trident ATMs were printed right in the service manuals, which were readily available online. Triton’s master passcode was “123456.”

The manuals urged machine owners to immediately change the passcodes from the defaults, but many of the small business owners who favor the inexpensive, pedestal-sized machines never made the change. That led to an uncommon phenomenon in the world of cyber crime: hacking as a street crime.

via Two Dudes Prove How Easy It Is to Hack ATMs for Free Cash | WIRED.

The tragedy is not that it happened, but that it keeps happening. But: people. Why not set them with a “must change password on first boot” bit? Because lazy people, that’s why.

Categories : News

Shon Harris – Logical Security, Contributor

2014.11.11

Shon Harris – Logical Security, Contributor, passed away last month, Oct 8, 2014.

Categories : News

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon | WIRED

2014.11.03

Don’t run “strings” against files…

2014.10.27

From http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html:

Many shell users, and certainly most of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable characters and dumps them to stdout – something that is very unlikely to put you at any risk.

It is much less known that the Linux version of strings is an integral part of GNU binutils, a suite of tools that specializes in the manipulation of several dozen executable formats using a bundled library called libbfd.

Other well-known utilities in that suite include objdump and readelf. Perhaps simply by the virtue of being a part of that bundle, the strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and “optimize” the process by extracting text only from specific sections of the file. Unfortunately, the underlying library can hardly be described as safe: a quick pass with afl (and probably with any other competent fuzzer) quickly reveals a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking.

Check the site for POC code. It’s old and it’s nasty.
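What users assume strings does, as an added example (not lcamtuf's code): a pure byte scan for runs of printable ASCII, with no executable-format detection and no section parsing, so a malformed header is just more bytes to skip. The sample input is constructed: a bogus, truncated ELF magic followed by a few text fragments.

```python
def printable_runs(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII (plus tab) at least min_len bytes long.

    Nothing here interprets the file: no libbfd, no format sniffing, no
    section table to trust. Every byte is treated the same way."""
    runs, start = [], None
    for i, b in enumerate(data):
        if 0x20 <= b < 0x7F or b == 0x09:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append(data[start:i].decode("ascii"))
            start = None
    if start is not None and len(data) - start >= min_len:
        runs.append(data[start:].decode("ascii"))
    return runs

# Constructed sample: a truncated ELF magic with garbage where the header
# fields belong, then some text. A section-aware strings would try to parse
# the header before deciding what to dump; this scanner never looks at it.
SAMPLE = (b"\x7fELF\x02\x01\x01\x00" + b"\xff" * 8
          + b"hello world\x00\x01\x02ok\x00GCC: (GNU) 4.8\x00")
```

GNU strings has an -a (--all) switch that scans the whole file rather than asking libbfd for data sections; this function behaves like that mode.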

Categories : Security