Archive for the 'Exploits' Category

Cute + Malicious == Deadly

Published
by
aleksey
on June 28, 2008
in Exploits, Physical Security, Social Engineering, Targeted Attacks and Windows
. Comments

In a recent (experimental only) project, I followed one of the multiple guides such as this one on how to make a Lego case for a USB stick. To top it off, I loaded the Hak5 Switchblade packages on the sticks. When used with U3 USB autorun technology, these packages allow automatic theft of various personal data upon insertion of the stick into a Windows computer. Now, doesn’t this just crush the competition (a regular USB stick lost in the parking lot)?

The Mona Lisa

Continue reading ‘Cute + Malicious == Deadly’

SFS presentation about Synology

Published
by
Dan Guido
on April 16, 2008
in Exploits and Security Engineering
. Comment

This morning I summed up everything that happened with Synology and everything I have continued working on since my previous article was written in a deck of slides at the weekly SFS meeting.

Here is an overview of the items not covered in the previous article:

  • The director of software development at Synology contacted me one business day after my ISIS Blogs post. They have already released a firmware update to fix the most critical issues and came up with an “enhancement” plan (security fixes are not enhancements, but I digress) to fix the rest!
  • I’ve started developing ARM/Linux2.6 shellcode so I can integrate a Synology exploit into Metasploit. First try: virtualize the firmware inside of qemu. Failed. Second try: install gcc directly on device. So far so good.
  • I wrote an FTP request module for Sulley to fuzz the FTP server Synology is using. I haven’t been able to use yet because I hit the built-in connection limit on the FTP server and it starts ignoring me. That is a project for another day.

See the entire deck of slides here: http://cryptocity.net/archive/synology_presentation.pdf

Just wanted to get this out there

Published
by
Dan Guido
on April 10, 2008
in Exploits, Social Engineering and Targeted Attacks
. Comments

I’m sure most of you have read the article in BusinessWeek that turned up on Slashdot regarding the hacker attacks the US government has to deal with. If you haven’t, you really should read it because despite its obvious inaccuracies (journalists always get something horribly wrong) it’s got a ton of good information. I liked how they explained exactly how the unknown attacker uses phishing (whaling?) so effectively.

But really, my alterior motive for posting this, was so I could point out this one particularly entertaining paragraph buried in the middle of it:

Now, Senate Intelligence Committee Chairman John D. Rockefeller (D-W. Va.) is said to be discreetly informing fellow senators of the Byzantine operation, in part to win their support for needed appropriations, many of which are part of classified “black” budgets kept off official government books. Rockefeller declined to comment. In January a Senate Intelligence Committee staffer urged his boss, Missouri Republican Christopher “Kit” Bond, the committee’s vice-chairman, to supplement closed-door testimony and classified documents with a viewing of the movie Die Hard 4 on a flight the senator made to New Zealand. In the film, cyber terrorists breach FBI networks, purloin financial data, and bring car traffic to a halt in Washington. Hollywood, says Bond, doesn’t exaggerate as much as people might think. “I can’t discuss classified matters,” he cautions. “But the movie illustrates the potential impact of a cyber conflict. Except for a few things, let me just tell you: It’s credible.”

For the record:

“Except for a few things, let me just tell you: It’s credible.”
- Senator Christopher “Kit” Bond (R-MO) on Die Hard 4

Multiple Vulnerabilities in ALL Synology Products

Published
by
Dan Guido
on April 4, 2008
in Exploits, Network Security, Operating Systems, Press Release and Security Engineering
. 10 Comments

In an earlier post to my personal blog as well as to this blog, I enthusiastically recommended the Synology CS407 NAS as a data storage/backup platform. I am now taking that recommendation back.

Let me just say this: it seemed like a good choice at the time, and, if I could have trusted the vendor to deploy the software on it properly, it might still be. Here is a short summary of some of the issues I found:

Table of Vulnerability Exposure for Synology Products

You can skip to the full report here: A Security Audit of the Synology Disk Station Manager (DSM) v2.0-0590 Firmware.

What follows is a complete retelling of how I got here, sort of a lesson in vulnerability disclosure (not so much discovery, you’ll see why). It’s not pretty, I didn’t do all the right things, and it’s kind of long.

Continue reading ‘Multiple Vulnerabilities in ALL Synology Products’

A manifesto for fixing vulnerability disclosure

Published
by
Dan Guido
on February 18, 2008
in Exploits
. Comment

I think it’s safe to say that 99% of the security community believes that developing exploits and then selling them to security vendors is a Bad Thing, yet, to me, no one seems concerned enough about this activity to develop a viable, alternative model. Application developers hate it when you won’t tell them what’s wrong with their product. Application users (ie. the general public) hate that they can’t fix their software even if they wanted to. Of course, every single user of technology on the planet could just subscribe to 15+ security vendors product lines to get notice of these things… The entire idea seems antithetical to our purpose for existence, if we had one, namely to help secure every technology on the planet so that people can extend and build new ones.

Continue reading ‘A manifesto for fixing vulnerability disclosure’