
Monday, October 27, 2003

MS03-43 is the vulnerability in Windows' Messaging Service. This service is not to be confused with Windows Messenger, which is totally different. However, this service is enabled by default in all versions of Windows since Windows 98. If you're foolish enough to have not turned this off yet, I suggest you do. Why? Because proof of concept code and an exploit are out in the wild. I'm posting the POC code for you to have a look at.

Proof Of Concept MS03-43


If you want to know how you can safely disable the service:

1. Click Start
2. Click Run and type 'services.msc'
3. Double click the 'Messenger' service
4. Stop the service
5. Change startup type to 'disabled'.
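The same five steps from the command line, as an added example that is not part of the original post: it assumes an elevated Windows PowerShell prompt and that the service is registered under the name 'Messenger', as the post says. It stops the service, sets it to Disabled so it stays off after a reboot, and then reads the state back through WMI so you can confirm the change actually took.

```powershell
# Added example (not from the original post): stop and disable the Windows
# Messenger service, then verify the result. Assumes Windows PowerShell run as
# an administrator and a service named 'Messenger' (assumption from the post).

$serviceName = 'Messenger'

$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Service '$serviceName' is not installed on this host; nothing to do."
    return
}

# State before the change
Write-Output ("Before: Status={0}" -f $svc.Status)

# Step 4 from the list: stop the running service
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $serviceName -Force
}

# Step 5 from the list: startup type 'Disabled' so it does not return on reboot
Set-Service -Name $serviceName -StartupType Disabled

# Verify through WMI, which exposes StartMode on older Windows versions as well
$after = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
Write-Output ("After: State={0} StartMode={1}" -f $after.State, $after.StartMode)

if ($after.State -eq 'Stopped' -and $after.StartMode -eq 'Disabled') {
    Write-Output "Messenger service is stopped and disabled."
} else {
    Write-Warning "Messenger service is still running or enabled; check that the prompt is elevated."
}
```

If the prompt is not elevated, Stop-Service and Set-Service fail with an access-denied error and the final check reports the service still enabled, which is the point of reading the state back rather than trusting the commands succeeded. On Windows versions that no longer ship the service, Get-Service returns nothing and the script simply exits.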

More news later.

Thursday, October 23, 2003

Just finished reading Stealing The Network: How To Own The Box. For those of you who haven't heard, it's a book which concocts 10 fictitious hacking stories, ranging from corporate espionage to revenge, and then showcases the hack with pretty good technical detail. It's been under a bit of controversy due to the usual ethics question. Frankly, though the book was really entertaining, there weren't any spectacularly new hacks. I suppose that was part of the point -- to depict the genius involved in the strategy, rather than the tactics. All in all I'd give it a 7/10.

The rest of the day was spent prowling a certain small ISP here and sending a detailed list of issues to the admin; god knows if it'll be acted on. Wonderful security included the default enable password on the border router, as well as full DNS zone transfers available for the taking.

Y'know, when it comes to security, there's one bit of advice that nobody really gives and from my experience is the most important -- whatever shade of hat you wear -- it's about being patient. Take things slowly, whether you're scanning from the outside of the firewall or dealing with an incident at your workplace -- take your time.


Tuesday, October 21, 2003

I've added a new link to the sidebar; it's a site called djeaux.com and it provides aggregated news feeds from lots of different security news sources, including Bugtraq and Full Disclosure. The feeds are provided in RSS for an RSS reader as well as HTML for regular browsing. Very nice!

I'm still busy uploading parts of my library. Actually, that's the easy part; the hard part is renaming all the files and classifying the material. If I really have the time I'll try and give it all some uniform formatting -- don't count on that though.

All the material represents texts, tutorials or whitepapers that I have hand-picked because they represent original thought, interesting concepts, or just hard-to-find information. Consider it something like the good reading list.

Here are a couple of teaser papers:
Advanced Host Discovery with Nmap
Probing Firewalls
HTTP Tunnels through proxies
Hardening the TCP Stack

All work is the copyright of the respective authors. If you want credit, or have a really good paper, let me know at sahir (at) firewall (dot) cx.

Thursday, October 16, 2003

So the newest version of Nmap supports version scanning. In other words, not only will it tell you that port 80 is open, it will tell you that port 80 is running IIS/4.0... it'll even do this if the webserver is using a different port altogether. How does it do this? Here's all you wanted to know about Nmap Version Scanning.

Here we go again. Four new vulnerabilities from the world's most popular O/S maker. Vulnerable systems include Win2k and XP.
Check it out
Oh and you might want it from the horse's mouth:
Microsoft Security Bulletin October 03

I'm busy uploading parts of my security and networking library. All the material in that library is hand picked and I'm quite proud of it. Of course you'll be able to access it all from here when I post a link.

Thursday, October 09, 2003

Just read a groundbreaking paper which was posted to Bugtraq entitled 'Juggling With Packets'. It describes, both in theory and in practice, how to use the latency or delay in network communications to store vast amounts of data (around 2 GB from a 28.8 kbps modem alone!) 'on the wire'! In other words, you have your data in an intermediate state in the network, not on your disk, never accessible to anyone except you. They describe many practical examples, including storing data in an email that will bounce back to you. I really can't explain the subject over here, but this one's worth a read if you wanna see some of the foundation-shattering thoughts that can come out of Bugtraq. It would be incredible to see an implementation of this!
Juggling With Packets

Other stuff - I wrote a simple script for work that allows you to start simultaneous downloads on multiple machines and log the start and end time. I am modifying it to work in a master-slave fashion, so you can just issue a command on one system and get all the others to start downloading. I'll probably put up a link when it's done so you can adapt it to any similar situations you might have.


Monday, October 06, 2003

Just started helping out at Chris Partsenidis' stellar networking site firewall.cx as forum moderator. If you're looking for original content on networking and network security topics, this is the place to go! I know a lot of people who study for certifications using the material on the site. Make sure you check out the forums as there's a lot of good information there too. I've added a link to the sidebar.



