
I have copied and given credit to the following article regarding John The Ripper, the well known password cracker, from darkreading.com. I feel I am unable to reproduce the article without blatantly plagiarizing, so I figured I’d just copy it and give credit. John the Ripper got a huge update recently, has been sponsored by the guys at Rapid7, and will be incorporated into future releases of the Metasploit framework. I’m excited to see an update to this staple tool for security testing!


[Taken from Darkreading.com: http://www.darkreading.com/authentication/167901072/security/vulnerabilities/231000218/john-the-ripper-gets-a-face-lift.html]

One of the industry’s first open-source password-cracking tools just got a big boost in power and performance with sponsorship from Rapid7, which also plans to more tightly integrate the so-called John the Ripper tool with Metasploit.

Alexander Peslyak, founder and CTO of Openwall, which created John the Ripper, says the password security-auditing tool is now nearly 20 percent faster at cracking Data Encryption Standard (DES)-based password hashes — a major improvement to the hacking tool.

That means a major decrease in the time and effort to validate whether passwords are following company policy for strength, for instance. Openwall also is offering via open source the method by which it sped up this process, using more optimal “S-box expressions,” which are basically substitution tables used in calculations. The organization came up with a faster and more efficient way to perform these calculations.

“Recently, Roman Rusakov on our team came up with an idea on how to make use of modern computers’ much greater amounts of memory and higher processing power to approach the optimization problem differently and achieve better results in a reasonable time,” Openwall’s Peslyak says. “So this is what we did.”

Thomas Roth, an independent researcher who uses John the Ripper, says the new version of the tool is good news. “The speed-ups in the ‘s-box’ implementations sound very promising, and a speed-up of 17 percent is a great achievement,” Roth says. “Still the best way to crack DES is a cluster of FPGAs [field programmable grid arrays], [as in] projects like Deep Crack. But it’s very, very great that they decided to open source [this] in John the Ripper.”

Security researcher Joshua Perrymon uses John the Ripper for penetration testing and compliance-audit purposes. “The speed improvement will definitely help out when doing engagements that require password-cracking — especially since a lot of tools integrate with John the Ripper, like THC-Hydra, Aircrack-NG, Cain and Abel, etc. It’s good to see that Rapid7 is giving back to the community by supporting John the Ripper, which means we should see further integration with Metasploit now,” says Joshua Perrymon, CEO of PacketFocus. “The speed increase should also help while doing internal hacking assessments: Most times you want to crack any obtained passwords as fast as possible to maintain and establish access into the network without making too much noise or leaving a network footprint. Once the account credentials have been cracked, you’re in, and traffic then looks normal from an IDS/logging perspective.”

HD Moore, CSO for Rapid7 and creator of Metasploit, says John the Ripper has been a staple in security for more than 10 years, and that it will be integrated into upcoming versions of Rapid7’s commercial Metasploit products.

Password security has been the Achilles’ heel of many organizations, especially in some high-profile breaches that have exposed users still deploying easy-to-guess, weak passwords, or reusing passwords across multiple applications. Moore says there’s a strong demand for password-auditing tools by enterprises. “They don’t just want to do brute-force, but also [check] compliance with password rules,” he says. “DES matters today: It’s still the back-end algorithm … which drives Windows password-hashing. DES is faster now with this research.”

John the Ripper, which supports Unix, Windows, DOS, BeOS, and OpenVMS, is available here for download.


So, you somehow got the new Mac malware, MacDefender. Apple has updated a support article** showing how to avoid installing it, how to remove it, and how to protect yourself against getting this lovely bit of malware.

How to Get Rid of MacDefender


Summary

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender “anti-virus” software to solve the issue.

This “anti-virus” software is malware (i.e. malicious software).  Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.

The most common names for this malware are MacDefender, MacProtector and MacSecurity.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, the Resolution section below provides step-by-step instructions on how to avoid or manually remove this malware.

Products Affected

Mac OS X 10.4, Mac OS X 10.6, Mac OS X 10.5

Resolution

How to avoid installing this malware

If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.

In some cases, your browser may automatically download and launch the installer for this malicious software.  If this happens, cancel the installation process; do not enter your administrator password.  Delete the installer immediately using the steps below.

  1. Go into the Downloads folder or your preferred download location.
  2. Drag the installer to the Trash.
  3. Empty the Trash.

How to remove this malware

If the malware has been installed, we recommend the following actions:

  • Do not provide your credit card information under any circumstances.
  • Use the Removal Steps below.

Removal steps

  • Move or close the Scan Window
  • Go to the Utilities folder in the Applications folder and launch Activity Monitor
  • Choose All Processes from the pop up menu in the upper right corner of the window
  • Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
  • Click the Quit Process button in the upper left corner of the window and select Quit
  • Quit Activity Monitor application
  • Open the Applications folder
  • Locate the app, e.g. MacDefender, MacSecurity, MacProtector or other name
  • Drag to Trash, and empty Trash

Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.

  • Open System Preferences, select Accounts, then Login Items
  • Select the name of the app you removed in the steps above, e.g. MacDefender, MacSecurity, MacProtector
  • Click the minus button

Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.

Note: Apple provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site. Users should exercise caution any time they are asked to enter sensitive personal information online.

** This material is taken from the Apple Support Article HT4650 page.
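The removal steps above are written for Activity Monitor, Finder and System Preferences. For a scripted counterpart (for example, to push to many machines), here is an added example that is not part of Apple's article or of this post. It uses only the three process and bundle names the article gives; the login-item removal through osascript is an assumption about how the item was registered, and the script does not touch the installer in Downloads, whose file name the article does not give.

```shell
#!/bin/sh
# Added example (not from Apple's support article): the manual Activity Monitor /
# Finder / Login Items steps as a script. Names come from the article; removing the
# login item through System Events is an assumption about how it was registered.

SUSPECT_NAMES="MacDefender MacSecurity MacProtector"
APPS_DIR=${APPS_DIR:-/Applications}

# Read `ps -axo pid=,comm=` output on stdin and print "pid name" for each process
# whose executable basename is one of the suspect names. On a Mac, comm is the
# full path inside the .app bundle, so only the basename is compared.
suspect_processes() {
  while read -r pid comm; do
    base=${comm##*/}
    for n in $SUSPECT_NAMES; do
      [ "$base" = "$n" ] && printf '%s %s\n' "$pid" "$base"
    done
  done
  return 0
}

# Print the path of every suspect app bundle present under $APPS_DIR.
suspect_bundles() {
  for n in $SUSPECT_NAMES; do
    [ -d "$APPS_DIR/$n.app" ] && printf '%s\n' "$APPS_DIR/$n.app"
  done
  return 0
}

# The removal itself: quit the process ("Quit Process"), delete the bundle
# ("Drag to Trash, and empty Trash"), then drop the login item (optional step).
remove_macdefender() {
  ps -axo pid=,comm= | suspect_processes | while read -r pid name; do
    echo "killing $name (pid $pid)"
    kill "$pid"
  done
  suspect_bundles | while read -r bundle; do
    echo "removing $bundle"
    rm -rf "$bundle"
  done
  for n in $SUSPECT_NAMES; do
    osascript -e "tell application \"System Events\" to delete login item \"$n\"" 2>/dev/null
  done
  return 0
}

# Only act when invoked with --run, so the functions can also be sourced and
# used to check a machine without changing anything.
if [ "${1:-}" = "--run" ]; then
  remove_macdefender
fi
```

Run it as root with `--run` to remove, or source it and call `suspect_bundles` and `ps -axo pid=,comm= | suspect_processes` to see whether a machine is affected before touching it. Variants that use other app names than the three listed will not be found by this check.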

In my ongoing effort to learn more and stay informed about everything in the security industry, I have come across a few security focused magazines to assist me with that ideal. Over the past few months I have subscribed to some magazines, both physical and online versions, and felt I’d share. I’ve gone ahead and itemized the list below with reference to cost, delivery method, etc. I have only listed the magazines that I personally look at and recommend. There are a bunch of other magazines out there, but if you know of other security magazines that you like and think I should look at, please let me know and post the info in the comments below.


2600 – The Hacker Quarterly

This one is my favorite. It is geared more toward the blackhat side of security and is well known for providing how-to’s and examples of exploits.

  • Print, Digital, and Kindle/Nook versions available
  • Annual cost of $24 US for print version (multiple year and lifetime subscriptions available for discounted prices)
  • Distributed quarterly
  • Back issues can be purchased individually or in bulk


Hakin9

As my second favorite, Hakin9 covers both high-level and more advanced subjects, including everything from basic computer security to advanced mobile security, as well as interviews with big names in the industry.

  • Digital version available
  • Issues prior to May 2011 are free
  • Subscriptions to future editions cost $18.45 per month
  • Distributed on a monthly basis

SC Magazine

SC Magazine is a good baseline for security related material. It covers mostly higher-level topics and is best treated as a general-information type of read.

  • Print or Digital versions available
  • Annual cost of $74.95 US
  • Distributed on a monthly basis

[IN]SECURE Magazine

A solid read with a little bit of everything, and best of all, it’s free!

  • Digital version available
  • Free to download
  • Distributed on a monthly basis


My buddy, Ben Schmidt (@_supernothing on Twitter), over at Spare Clock Cycles has blessed the world with d0z.me, a DDoS proof of concept tool written in HTML5.

d0z.me HTML5 PoC DDoS Tool

Taken from spareclockcycles.org:

“d0z.me is not intended to be used as an attack tool. Rather, it is meant as a proof of concept that serves to both illustrate the dangers posed by URL shorteners and HTML5, as well as to give concerned parties an easy way to test detection/mitigation techniques for the attack.”

I have decided to share this information to help spread the word to the security community with respect to HTML5 and its future onset within the internet. I ask that you please respect Ben’s work and only use this tool for testing and research purposes. As he mentions all over, I will again reiterate that YOU are responsible for any misuse and associated consequences for abusing d0z.me.

For a full description and explanation of the tool, you can read Ben’s blog post at http://spareclockcycles.org/2011/03/27/weaponizing-d0z-me/. He has also graciously provided the security community with the source code at http://code.google.com/p/d0z-me/

Recently Epsilon, a third-party email marketing company, was breached and a large number of customer names and email addresses were compromised. Many Fortune 500 companies and other large corporations use Epsilon to handle their email marketing communications. Below you will see a list that, as far as I can find, is up to date as of today.

If you have accounts with any of these companies, I suggest changing your email password to a secure one, and be on the lookout for any new spam you receive. If you want some help on generating a secure password, you generally want it to be at least 12-14 characters long, avoid words from the dictionary, and use special characters and numbers. For reference, you can check out Microsoft’s password strength checker, and use their tool to give you a rough idea of how secure your password is. Or, if you want to go a step further, you can try

CBS News reports that the government has gotten involved, and if you receive a phishing attempt that you want to report to the Secret Service, you can email phishing-report@us-cert.gov.  You can also file a report at the Internet Crime Complaint Center.
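The password rules in the paragraph above (at least 12 characters, no dictionary words, digits and special characters present) are the same kind of check the John the Ripper post earlier on this page describes as "validating whether passwords are following company policy." Here is one added example, not part of this post or of John the Ripper, that applies those rules both to individual passwords and to the `user:password:...` lines that `john --show` prints for cracked accounts. The short word list and the sample `john --show` output are constructed for the example; the 12-character minimum is the lower end of the range stated above.

```shell
#!/bin/sh
# Added example, not from the post or from John the Ripper. Applies the rules the
# post states (>= 12 chars, no dictionary word, a digit and a special character)
# to single passwords and to `john --show` output.

MIN_LEN=12
# Constructed stand-in for a real wordlist; in practice use grep -qixF against a
# file such as john's password.lst instead of this short list.
DICT_WORDS="password welcome summer winter letmein qwerty"

# Print "ok" or a space-separated list of the rules a password breaks.
check_password() {
  pw=$1
  reasons=""
  [ "${#pw}" -ge "$MIN_LEN" ] || reasons="$reasons too-short"
  case $pw in *[0-9]*) ;; *) reasons="$reasons no-digit" ;; esac
  case $pw in *[!A-Za-z0-9]*) ;; *) reasons="$reasons no-special" ;; esac
  lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
  for w in $DICT_WORDS; do
    case $lower in *"$w"*) reasons="$reasons dictionary"; break ;; esac
  done
  if [ -z "$reasons" ]; then echo ok; else echo "${reasons# }"; fi
}

# Read `john --show` output on stdin and print "user<TAB>verdict" per cracked
# account. john's summary line ("N password hashes cracked, M left") and blank
# lines have no colon-separated fields and are skipped. A password that itself
# contains ':' would be cut short here, a limitation of splitting on the delimiter.
audit_john_show() {
  while IFS= read -r line; do
    case $line in *:*:*) ;; *) continue ;; esac
    user=${line%%:*}
    rest=${line#*:}
    pw=${rest%%:*}
    printf '%s\t%s\n' "$user" "$(check_password "$pw")"
  done
  return 0
}

# Count the accounts in `john --show` output that fail the policy.
count_noncompliant() {
  audit_john_show | awk -F '\t' '$2 != "ok" {n++} END {print n+0}'
}

# Constructed sample of `john --show` output (not from a real engagement).
SHOW_OUTPUT='alice:Summer2011!:1001:1001:Alice:/home/alice:/bin/bash
bob:Tr0ub4dor&3rdCup:1002:1002:Bob:/home/bob:/bin/bash
carol:password:1003:1003:Carol:/home/carol:/bin/bash

3 password hashes cracked, 0 left'

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SHOW_OUTPUT" | audit_john_show
fi
```

In a real audit the input is `john --show shadow.txt | sh audit.sh` after a wordlist run against the DES crypt(3) hashes discussed earlier; a password that john cracked at all already failed the "not guessable" test, and the verdict column tells you which written rule it broke.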

The companies below have been confirmed by DataBreaches.net as having been compromised. You can visit their related post for an up to date list.

    1-800-FLOWERS
    AbeBooks
    AIR MILES Reward Program (Canada)
    Ameriprise
    Barclays Bank of Delaware (BJ’s Visa, L.L. Bean Visa)
    Beachbody
    bebe
    Best Buy
    Best Buy Canada Reward Zone
    Benefit Cosmetics (see below)
    Brookstone
    Capital One
    Charter Communications
    Citi (ExxonMobil Card, Home Depot Card, NTB Card, The Place)
    City Market
    College Board
    Crucial
    Dell Australia
    Dillons
    Disney Destinations (The Walt Disney Travel Company)
    Eddie Bauer Friends
    Eileen Fisher (doesn’t name Epsilon but same template letter)
    Ethan Allen
    Eurosport Soccer (Soccer.com)
    Food 4 Less
    Fred Meyer
    Fry’s
    Hilton Honors
    Home Shopping Network (HSN)
    Jay C
    JPMorgan Chase
    King Soopers
    Kroger
    Lacoste (and as per TG Daily)
    Marriott Rewards (FAQ on site)
    Marks & Spencer
    McKinsey Quarterly
    MoneyGram
    New York & Company
    QFC
    Ralphs
    Red Roof Inn
    Ritz-Carlton (FAQ)
    Robert Half International
    Scottrade
    Smith Brands
    Stonebridge Life Insurance
    Target
    Tastefully Simple
    TD Ameritrade
    TIAA-CREF
    TiVo
    US Bank
    Verizon
    Viking River Cruises
    Walgreens
    World Financial Network National Bank - (Ann Taylor, Catherine’s, Chadwick’s, Dressbarn, Express card, Fashion Bug, Giant Eagle fuelperks!, J Crew, Lane Bryant, Maurice’s, PotteryBarn/Kids/Teens, RadioShack, Sears, Smile Generation Financial, The Limited, United Retail Group (Avenue, Jessica London, OneStopPlus), Value City Furniture, Victoria’s Secret)