Linux Distro Timeline
January 5th, 2009 by Hescominsoon
linux_timeline.png (PNG Image, 2888×2079 pixels).
I found this interesting…enjoy.
- Posted in Linux, Technology
January 4th, 2009 by Hescominsoon
SSL broken! Hackers create rogue CA certificate using MD5 collisions | Zero Day | ZDNet.com.
The sky is falling!!!!! The sky is falling!!!!! There is a ton of heavy breathing going around about this issue and it’s not necessary at all.
This is a non-issue for the majority of folks and the “solution” is only a stopgap. SSL itself..WAS NOT CRACKED, only the digital signature algorithm. The proposed solution, moving to SHA-1, which has been broken since 2005, is only a stopgap at best. This is a configuration issue. ALL browsers inherently trust groups of entities, so their certificates are automatically trusted. If this is removed and folks are forced to inspect the certificates this would mitigate this attack..except most folks won’t check the certs..Most of the users are lazy and therefore this convenience is added. This convenience is the reason this attack can succeed. Moving to an already broken hashing method to fix another broken hashing method, to fix what is inherently a configuration problem based on laziness, isn’t the fix.
This is one thing that is probably going to make national news..panic a ton of folks..and the techie community is going to stampede to SHA-1 which has been broken since 2005. I personally do not know of another hashing algorithm that’s unbroken as of yet. SHA-1 still takes quite a bit of computational power to use its attack vector but it’s well within modern COTS Beowulf clusters now in operation. Since the XBOX360 has 3 cores and the PS3 has effectively 8, the amount of hardware needed to compromise SHA-1 is much less than in 2005 due to increased computational power. It won’t be long before we hear of a similar type of attack on SHA-1 either.
What does this mean to the average person? Not much. How can this be mitigated? Have the browser manufacturers remove their trusted CA pools and at least make the clients have to click through the certs. Inspecting them is not hard really..you just have to read. If the user doesn’t take the time to read and inspect the cert then it’s nobody else’s fault if they get nailed.
January 2nd, 2009 by Hescominsoon
Startup Founders Turn Android into Desktop OS - PC World.
Now this is interesting. Read on for full details.
January 2nd, 2009 by Hescominsoon
http://www.ctunion.com/node/226
1. Open your client.ovpn file and add the following two lines to the bottom of the file:
route-method exe
route-delay 2
2. Create a shortcut to your OpenVPN GUI file. Right click the shortcut and click properties. Under the ‘Shortcut’ tab, click ‘Advanced’. Check the box that says ‘Run as administrator’ and then click ‘OK’ and ‘OK’ again.
3. *optional* Turn off UAC and step two is not needed.
December 26th, 2008 by Hescominsoon
I found after some searching and asking at other forums that doing this from the GUI console is not really possible. Here’s one of many areas PowerShell comes into play:
Open Exchange Management Shell and start by checking your Send Connector(s) :
Get-SendConnector
You should get the name of your send connector(s) – like “Default Send Connector”.
If you haven’t changed the port configuration of the connector yet, it should be using the default port, 25. It is a good idea to confirm this with the command:
Get-SendConnector | fl port
Then change the port with the command:
Set-SendConnector -Identity "Your Send Connector Name" -Port 587
If you have only one Send Connector you can use this command instead:
Get-SendConnector | Set-SendConnector -Port 587
Of course, it is a good idea to check the final result again with:
Get-SendConnector | fl port
Or even take a look at the full listing for the send connector:
Get-SendConnector | fl
December 12th, 2008 by Hescominsoon
There has been a new security issue just discovered. It was only discovered after the bad guys started using it, instead of the good guys figuring it out first. If you are not sure whether you are running Internet Explorer: if you use AOL, Comcast, Verizon, among others, or you click the blue “E”, then you are running Internet Explorer. This issue affects all ECC clients whether you have an ECC installed and maintained firewall server or not. As of right now this issue is also not caught by any of the top 32 anti-virus packages. The issue allows a hacker, by use of any website he can take over, to load programs that will leverage this issue to take over your machine. He can then install anything he wants to without your knowledge.
Here are the steps to work around this issue, with the most highly rated recommendations at the top:
1. Download and install Firefox from Mozilla.com
2. Turn on DEP for IE: Click “Tools,” “Internet Options,” then “Advanced,” and then check the box next to that option. Vista users may have difficulty enabling this change.
3. Head to Start, then Run. Type cmd and then press Enter. In the box type: Regsvr32.exe /u "Program Files\Common Files\System\Ole DB\oledb32.dll" and then press the Enter key. If you get an error contact ECC for assistance.
For the more technical folks out there this is a zero day exploit. It is an invalid pointer reference in the data binding function of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. Updated a/v and what not right now are NO DEFENSE although I expect this to change rapidly. Stay tuned; as I hear of products being updated or other news I’ll post again.
*Update* This is not limited to just Chinese sites anymore. Other sites are now being compromised. It’s time for some links:
Shadowserver (lists compromised sites..GO HERE AT YOUR OWN RISK. ECC IS NOT RESPONSIBLE IF YOUR MACHINE GETS TAKEN OVER OR DAMAGED)
*UPDATE* Virustotal shows the updates are coming in for the a/v companies..but some big names still miss it as of this posting.
*UPDATE 2*
ZDnet has a very well explained description of the mitigation techniques:
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones:
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone:
Enable DEP for Internet Explorer 7
*UPDATE* The patch has just been released. Please visit Microsoft Update immediately.
October 23rd, 2008 by Hescominsoon
Welcome to the ECC Blog! This is where you will find various postings I have deemed important or helpful. If you find something of interest please use the contact form to alert me.
August 27th, 2005 by Hescominsoon
MS and other closed source vendors like to say that because their source is closed they are more secure. In other words, because others do not have access to the code, any zero day vulns will be kept under wraps and not pose a danger to the userbase. Listen to this podcast to find out how MS figured out that logic is completely wrong and how dangerous this philosophy is.
August 27th, 2005 by Hescominsoon
Bryan J Smith delves into the MS file systems, compares them against Linux/Unix file systems, and digs out why MS needs defragmenting but Linux does not.
*UPDATE* Bryan has updated the post with more XFS and clarifications.
August 2nd, 2005 by Hescominsoon
*NOTE* If I forgot to trackback you and I used your post let me know and I will correct it as soon as possible. Everyone I have linked to deserves proper credit..:)
Cisco and ISS have created quite a mess for themselves.
First, Mike Lynn showed at the BlackHat conference how to get the equivalent of root on all Cisco routers using the IPv6 modules. Cisco suddenly balked and leaned on ISS. ISS told Lynn not to disclose, so he quit and did it anyway. Now Cisco has a settlement with Lynn that means Lynn has to dump all of his research in this area. Also ISS has gotten the FBI involved. To top things off, Cisco/ISS are now sending cease and desist orders to anyone who hosts the presentation photos. A huge amount of links follows and this will be updated as long as it continues to be updated.
Original Presentation
Tom’s Networking: Owning IOS at Black Hat 2005
Schneier on Security(Huge Roundup): Cisco Harasses Security Researcher
Wired: Router Flaw Is a Ticking Bomb (* note has an interview with Lynn)
BoingBoing’s original post
Search Security: Security researcher causes furor by releasing flaw in Cisco Systems IOS
Wired: Cisco Security Hole a Whopper
Wall Street Journal Online: Cisco Tries to Squelch Claim About a Flaw In Its Internet Routers
Now the coverup begins:
SecurityFocus.com: Cisco, ISS file suit against rogue researcher
ZDNET UK: Cisco tries to silence researcher
ComputerWorld.com: Furor over Cisco IOS router exploit erupts at Black Hat
Tom’s Hardware: Cisco Behaving Badly
Repercussions begin to show themselves:
News.com: Flaw researcher settles dispute with Cisco
Makezine.com: Video of Cisco/ISS ripping out pages from printed conference books…
News.com: Cisco hits back at flaw researcher
BBC News: Cisco acts to silence researcher
Metathoughts: Audio of a Press Conference at BlackHat USA 2005 over Cisco and Michael Lynn.
Wired.com: Whistle-Blower Faces FBI Probe
Attempts to silence backfire:
SecurityFocus.com: Exploit writers team up to target Cisco routers
*Hat Tip to memestreams who gave me these links:
Dagmar’s Coverage
Memestreams: Mike Lynn’s ‘exploit’, in plain (non-technical) English
Memestreams: ISS and Cisco v. Granick’s Gambling Plans
Here is Lynn’s Attorney’s blog that has her view of things:
Granick.com
Bruce Schneier has more information and even more links.