My little place on the internet...
This is my blog with personal and technical articles. My blog is primarily a playground for doing things with the server I have running over my DSL connection. And in my humble opinion it looks better every time I tinker with it.


Blue Pill and other medicine

After reading a new article at Dark Reading called ‘Black Hat Woman’, I kept on reading about the research Joanna Rutkowska has done in the security field. I was already aware of her groundbreaking research on how to rootkit the ‘unbreakable’ Vista with her ‘Blue Pill’ prototype, but I now took some extra time to have a good look at the presentation she gave at Black Hat and SyScan; the paper can be found on Joanna’s personal site, invisiblethings.org. In my opinion, if you are interested in computer security, there are some great papers of hers you should read.

There is only one thing I’m very curious about that I haven’t found yet: whether the code for ‘Red Pill’ is also able to discover the Blue Pill hypervisor when it is installed on a machine.

Well, I’ll keep on reading some more papers from Joanna, and I hope she gets her driving license soon :)

Posted on March 17th, 2007
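To make the Red Pill question above concrete, here is an added example (not code from the post or from invisiblethings.org) of what Red Pill actually checks: it decodes the descriptor that the SIDT instruction stores and applies the heuristic from Joanna’s original redpill.c, which treated a 32-bit IDT base above 0xd0000000 as “inside a VM” because the software VMMs of that time (VMware, Virtual PC) relocated the guest’s IDT high in the address space. The two descriptor byte strings are constructed for the demonstration; the live SIDT read is only compiled on x86.

```c
/*
 * Added example, not code from the blog post or from invisiblethings.org:
 * the core of the "Red Pill" VMM check, split into a pure parser/heuristic
 * (testable on constructed descriptors) and an optional live SIDT read.
 * The 0xd0000000 threshold is the one redpill.c used for 32-bit guests
 * under VMware / Virtual PC; SAMPLE_IDTR_* below are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What SIDT stores: a 16-bit limit followed by the IDT's linear base
 * (4 bytes in 32-bit mode, 8 bytes in 64-bit mode). */
typedef struct {
    uint16_t limit;
    uint64_t base;
} idtr_t;

#define REDPILL_THRESHOLD 0xd0000000ULL

/* Decode raw SIDT output. len must be 6 (IA-32) or 10 (x86-64). */
int parse_idtr(const uint8_t *raw, size_t len, idtr_t *out)
{
    if (raw == NULL || out == NULL || (len != 6 && len != 10))
        return -1;
    out->limit = (uint16_t)(raw[0] | (raw[1] << 8));
    out->base = 0;
    for (size_t i = 2; i < len; i++)
        out->base |= (uint64_t)raw[i] << (8 * (i - 2));
    return 0;
}

/* The Red Pill heuristic itself. It assumes a 32-bit guest: a 64-bit
 * native kernel also keeps its IDT in the high half of the address space,
 * so on x86-64 this fires on bare metal too. */
int redpill_says_vm(const idtr_t *idtr)
{
    return idtr->base > REDPILL_THRESHOLD;
}

/* Convenience wrapper: -1 on malformed input, else 0 (native) or 1 (VM). */
int redpill_check_bytes(const uint8_t *raw, size_t len)
{
    idtr_t idtr;
    if (parse_idtr(raw, len, &idtr) != 0)
        return -1;
    return redpill_says_vm(&idtr);
}

/* Constructed 32-bit descriptors, little-endian: limit, then base. */
const uint8_t SAMPLE_IDTR_VMWARE[6] = { 0xff, 0x07, 0x00, 0x80, 0xc1, 0xff }; /* base 0xffc18000 */
const uint8_t SAMPLE_IDTR_NATIVE[6] = { 0xff, 0x07, 0x00, 0x54, 0xb9, 0x80 }; /* base 0x80b95400 */

#if defined(__i386__) || defined(__x86_64__)
/* Read the live IDTR. SIDT is unprivileged unless the kernel enables UMIP,
 * in which case Linux traps and emulates it with a fixed dummy value, a
 * reminder that the instruction is not a trustworthy oracle to begin with. */
int read_live_idtr(idtr_t *out)
{
    struct __attribute__((packed)) { uint16_t limit; uint64_t base; } raw = { 0, 0 };
    __asm__ volatile ("sidt %0" : "=m" (raw));
    out->limit = raw.limit;
    out->base = raw.base;
    return 0;
}
#endif

int main(void)
{
    printf("constructed VMware descriptor -> %d\n", redpill_check_bytes(SAMPLE_IDTR_VMWARE, 6));
    printf("constructed native descriptor -> %d\n", redpill_check_bytes(SAMPLE_IDTR_NATIVE, 6));
#if defined(__i386__) || defined(__x86_64__)
    idtr_t live;
    read_live_idtr(&live);
    printf("live IDTR base 0x%llx -> %d\n", (unsigned long long)live.base, redpill_says_vm(&live));
#endif
    return 0;
}
```

The check only works against a VMM that has to relocate the guest’s IDT in software. Blue Pill sits underneath the OS on AMD SVM hardware virtualization, where SIDT executed by the guest is not intercepted and returns the guest’s own, unmodified IDTR, so this heuristic has nothing to key on; that is why the Blue Pill talk argues about timing-based detection instead.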

Credit Card Cloning

Original posted: The Real Hustle: Credit Card Cloning

This is why you should always be very careful with your credit card and, to avoid all risk, pay in cash. In reality this threat is not much bigger than in the past. A few years ago the waitress would take your credit card with her to make a hard ink copy of the card; while doing so she made two copies, one to bill you and one to steal from you. But this is a more stealthy, high-tech form of thievery.

Posted on February 25th, 2007

The Evolution Of Malware Continues

Source: Internet.com / Andy Patrizio

Ever long for the good old days when all viruses did was stomp on the FAT table of your hard drive? Recently, McAfee’s Avert Labs encountered a new type of password stealer that uses Voice over Internet Protocol (VoIP) telephony provider Skype’s network to propagate. There is no vulnerability in the Skype service itself, the Trojan just uses the Skype network to move about, according to David Marcus, security research and communications manager at McAfee’s Avert Labs.

The Trojan, called PWS-JO by McAfee, Downloader by Symantec and Win32/Scypex.A by Microsoft, is considered low risk, as there are very few instances of it being found and all of the major antivirus programs will detect it. What it reflects, Marcus said, is that virus distribution has moved beyond just e-mail and Web links to a new network, in this case, VoIP.

Password stealing Trojan viruses grew by 240 percent this year, making them the largest genre of malware along with Botnets, according to an Avert Labs blog posting.

Posted on December 30th, 2006

Personal zoo with unknown and known malware

Browsing through my regular websites I found this list made by Pedro Bueno, a handler at SANS. Seeing this I thought I’d publish a similar list of all my collected malware, so here you go; try to find the 10 differences :)

All malware listed here has a unique MD5 hash; this stops duplicate entries. Most of these files were discovered by my local Nepenthes honeypot, some were sent to the domain via mail and others were collected via other sources.

The total of malware on my zoo on 2006-11-17 is 793
The total of known malware on 2006-11-17 is 657
The total of unknown malware on 2006-11-17 is 136

Format:
known-DATE (YEAR-MM-DD) is the file with the malware already detected by ClamAV.
unknown-DATE is the file with the malware not yet identified by ClamAV.
mallist-DATE is the file with count and malware name.

For AV companies only: the samples are freely available on request. Contact: peter [at] icebear . net

known-2006-11-17.txt
unknown-2006-11-17.txt
mallist-2006-11-17.txt

Posted on November 11th, 2006
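As an added example (not the blog author’s own scripts), here is the bookkeeping the zoo describes: deduplicate samples by MD5, classify them from ClamAV output, and emit the known-, unknown- and mallist-DATE files. The line layout of the three files is my choice, since the post only names them; the `<path>: <Name> FOUND` / `<path>: OK` line format is what `clamscan --no-summary` really prints; the samples and scan output embedded in the block are constructed for the demonstration.

```python
# Added example, not the blog author's scripts. Assumptions: file layouts
# are mine; clamscan line format is real; embedded inputs are constructed.
import hashlib
import os
import re
import subprocess
from collections import Counter

CLAMSCAN_LINE = re.compile(r"^(?P<path>.+?): (?:(?P<name>.+?) FOUND|OK)$")


def digests(data):
    """MD5 is the zoo's dedup key; SHA-256 is recorded alongside because MD5
    collisions have been practical since 2004, so two crafted files can share
    one MD5 and silently collapse into a single zoo entry."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def iter_samples(directory):
    """Yield (path, bytes) for every regular file below directory."""
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                yield path, fh.read()


def dedupe_by_md5(samples):
    """Return ({md5: (first_path, sha256)}, [paths of later duplicates])."""
    unique, duplicates = {}, []
    for path, data in samples:
        md5, sha256 = digests(data)
        if md5 in unique:
            duplicates.append(path)
        else:
            unique[md5] = (path, sha256)
    return unique, duplicates


def parse_clamscan(output):
    """Map path -> detection name, or None for 'OK'. Lines matching neither
    form (warnings, 'Empty file', access errors) are skipped."""
    verdicts = {}
    for line in output.splitlines():
        m = CLAMSCAN_LINE.match(line.strip())
        if m:
            verdicts[m.group("path")] = m.group("name")
    return verdicts


def build_zoo_lists(unique, verdicts):
    """known: 'md5  name'; unknown: 'md5'; mallist: 'count  name', most common first."""
    known, unknown, counts = [], [], Counter()
    for md5, (path, _sha256) in sorted(unique.items()):
        name = verdicts.get(path)
        if name:
            known.append(f"{md5}  {name}")
            counts[name] += 1
        else:
            unknown.append(md5)
    mallist = [f"{n:5d}  {name}" for name, n in counts.most_common()]
    return known, unknown, mallist


def write_zoo_files(date, known, unknown, mallist, outdir="."):
    """Write known-DATE.txt, unknown-DATE.txt and mallist-DATE.txt."""
    for stem, lines in (("known", known), ("unknown", unknown), ("mallist", mallist)):
        with open(os.path.join(outdir, f"{stem}-{date}.txt"), "w") as fh:
            fh.write("\n".join(lines) + "\n")


def scan_directory(directory):
    """Real run. clamscan exits 1 when something is FOUND, so no check=True."""
    proc = subprocess.run(["clamscan", "--no-summary", "-r", directory],
                          capture_output=True, text=True)
    return parse_clamscan(proc.stdout)


# Constructed inputs so the block runs offline; c.exe is a byte-identical copy of a.exe.
CONSTRUCTED_SAMPLES = [
    ("zoo/a.exe", b"MZ constructed sample one"),
    ("zoo/b.exe", b"MZ constructed sample two"),
    ("zoo/c.exe", b"MZ constructed sample one"),
    ("zoo/d.exe", b"MZ constructed sample four"),
]
CONSTRUCTED_CLAMSCAN_OUTPUT = """\
zoo/a.exe: Worm.Example-1 FOUND
zoo/b.exe: Worm.Example-1 FOUND
zoo/c.exe: Worm.Example-1 FOUND
zoo/d.exe: OK
"""


def demo():
    unique, duplicates = dedupe_by_md5(CONSTRUCTED_SAMPLES)
    verdicts = parse_clamscan(CONSTRUCTED_CLAMSCAN_OUTPUT)
    known, unknown, mallist = build_zoo_lists(unique, verdicts)
    return {"total": len(unique), "known": known, "unknown": unknown,
            "mallist": mallist, "duplicates": duplicates}


if __name__ == "__main__":
    result = demo()
    print(f"total {result['total']}, known {len(result['known'])}, unknown {len(result['unknown'])}")
    for line in result["mallist"]:
        print(line)
```

For a real zoo, replace the constructed inputs with `iter_samples("/path/to/zoo")` and `scan_directory("/path/to/zoo")`, then call `write_zoo_files` with the scan date. The totals line should always satisfy known + unknown = total, as in the post’s 657 + 136 = 793.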

Biometric Insecurity

I was reading a number of my subscribed feeds when I came across this article, ‘Study: Workers often jot down passwords’. A well-written and informative article in all, but in the third line I read the words “including biometrics”. I just don’t get it. As far as I know biometrics is still a method with an error rate between 60% and 99.9%. 1
99.9% sounds pretty high; for this kind of score you need a retina scanner. But this still means an error for every 1000 persons scanned: with every 3 Boeing 747s departing from an airport they leave 1 passenger behind, or worse, the other way around, they take a terrorist aboard. And this is, like I said, with the better equipment; when it comes to a secure USB vault with a fingerprint scanner, these can often be fooled by fake fingerprints or even by putting your fingers in gelatin. 2

Getting back to the article mentioned above: passwords and workers jotting them down are indeed undermining the, most of the time, costly security implemented at the workplace. But with the still relatively large error rate, I’d rather bet my security on more secure and proven technologies like two-factor authentication as RSA supplies it.

References: 1. Biometrics – Wikipedia. 2. www.id-nee.nl (Dutch).

Posted on October 19th, 2006

Nepenthes Honeypot

I’ve been running Nepenthes on my system since August 10th and until now I’ve been able to capture 44 infections with various kinds of malware. Of these 44 infections there are 28 unique versions of malware. Unfortunately my Internet access provider is still filtering traffic from the internet to my honeypot on ports 445 and 139. If this weren’t the case, the number of infections made to this machine would possibly be a lot higher than the 44 infections currently in the database. The version of Nepenthes I’m running is the one from the Subversion repository, because that one has a PostgreSQL connection for storing all the data in my database. Most of the samples I collect this way are submitted to some antivirus vendors and to the database of Offensive Computing.

Posted on October 3rd, 2006