Archive for the ‘InfoSec’ Category

This is sorta scary…

Monday, January 9th, 2006

This is sorta scary.

authored by none other than Mr. Metasploit his own self.

Q) Are there any other ways to obtain code execution besides via WMF files viewed by PFV or Explorer?

A) Yes. Any application that accepts WMF files and calls PlayMetaFile with the supplied data can be exploited. Some of these only recognize WMF files with the placeable header, which may prevent the application from reaching the SetAbortProc function. There are *many* other places where standard (i.e. included with the OS) applications call the PlayMetaFile function; it's just a matter of figuring out which ones can be used to deliver the malicious WMF content. A potential vector includes the display of icons stored inside of a standard executable. Viewing these files in an Explorer directory listing could result in the execution of code in an embedded WMF file. This has yet to be tested.

Office apps LIVE off WMF files. Think in “micro$oft” terms: I would bet that every application has different “playmetafile” functions. They are so married to the old school of coding, that is to say complete applications ready to stand on their own, that I would almost bet my check that at least SOME of the apps in Office have their own WMF players. You know, tools that aren’t that popular among malware writers…like PowerPoint, Publisher, FrontPage, and other apps where graphics are used extensively.

Perhaps another week of hell? Give’m time…give’m time…
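The answer above talks about PlayMetaFile reaching SetAbortProc and about the placeable header. To make that concrete from the defender's side, here is an added example (not HD Moore's code and not anything from the original post) that walks the records of a WMF file and flags the META_ESCAPE record that carries the SETABORTPROC escape code, which is the structure an IDS or mail filter looks for. The record number (0x0626), the escape code (9) and the header layouts come from the public WMF format; the sample files at the bottom are constructed inline for the example, one of them with the optional placeable header the answer mentions.

```python
import struct

# Record/escape numbers from the public WMF format; the sample files
# built below are constructed for this example, not taken from the wild.
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009       # escape that makes the metafile player register a callback
NEWFRAME = 0x0001           # a harmless escape code, used for the negative case
PLACEABLE_KEY = 0x9AC6CDD7  # magic of the 22-byte "placeable" (Aldus) header


def wmf_records(data: bytes):
    """Yield (offset, function, payload) for each record in a WMF blob.

    Raises ValueError on truncated or self-contradictory structure; a scanner
    should treat that as suspicious rather than silently ignore the file.
    """
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                                   # skip the placeable header
    if len(data) < off + 18:
        raise ValueError("truncated METAHEADER")
    header_words = struct.unpack_from("<H", data, off + 2)[0]  # HeaderSize, in 16-bit words
    if header_words != 9:
        raise ValueError("unexpected METAHEADER size")
    off += header_words * 2
    while True:
        if off + 6 > len(data):
            raise ValueError("record header runs past end of file")
        size_words, func = struct.unpack_from("<IH", data, off)  # RecordSize (words), RecordFunction
        size = size_words * 2
        if size < 6 or off + size > len(data):
            raise ValueError(f"bad record size at offset {off}")
        yield off, func, data[off + 6:off + size]
        if func == META_EOF:
            return
        off += size


def find_setabortproc(data: bytes):
    """Return [(offset, byte_count), ...] for every SETABORTPROC escape record."""
    hits = []
    for off, func, payload in wmf_records(data):
        if func == META_ESCAPE and len(payload) >= 4:
            escape_code, byte_count = struct.unpack_from("<HH", payload, 0)
            if escape_code == SETABORTPROC:
                hits.append((off, byte_count))
    return hits


def classify_wmf(data: bytes) -> str:
    """'suspicious' if a SETABORTPROC escape is present, 'malformed' if the
    file does not parse, otherwise 'clean'."""
    try:
        return "suspicious" if find_setabortproc(data) else "clean"
    except ValueError:
        return "malformed"


# --- constructed sample files ---------------------------------------------

def _record(func: int, payload: bytes = b"") -> bytes:
    assert len(payload) % 2 == 0, "WMF records are measured in 16-bit words"
    return struct.pack("<IH", (6 + len(payload)) // 2, func) + payload


def _wmf(records) -> bytes:
    """Wrap records in a minimal 18-byte METAHEADER and terminate with META_EOF."""
    records = list(records) + [_record(META_EOF)]
    body = b"".join(records)
    header = struct.pack("<HHHIHIH",
                         1,                                  # Type: metafile in memory
                         9,                                  # HeaderSize in words
                         0x0300,                             # Version
                         (18 + len(body)) // 2,              # total Size in words
                         0,                                  # NumberOfObjects
                         max(len(r) for r in records) // 2,  # MaxRecord in words
                         0)                                  # NumberOfMembers
    return header + body


def _placeable(wmf: bytes) -> bytes:
    """Prefix a placeable header (empty bounding box, 96 dpi, checksum left 0)."""
    return struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 0, 0, 96, 0, 0) + wmf


CLEAN_WMF = _wmf([_record(META_SETMAPMODE, struct.pack("<H", 8)),
                  _record(META_ESCAPE, struct.pack("<HH", NEWFRAME, 0))])

SUSPICIOUS_WMF = _wmf([_record(META_SETMAPMODE, struct.pack("<H", 8)),
                       _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))])

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_WMF), ("suspicious", SUSPICIOUS_WMF),
                       ("placeable", _placeable(SUSPICIOUS_WMF)), ("garbage", b"\x00" * 10)]:
        print(name, classify_wmf(blob))
```

The scanner deliberately parses records instead of grepping for the escape bytes, so a record whose declared size does not match the file is reported as malformed rather than skipped; that is the same structural oddity a player would stumble over, and it is the kind of file worth holding at the gateway.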

Windows metafile vulnerability

Tuesday, January 3rd, 2006

Some “kind” soul apparently thought that us Network Geeks didn’t have anything planned for New Year’s Eve so they released a very VERY nasty little bug to keep us all entertained.

How nasty? How about you could already be infected and not know it.
Normally the protection against these threats is to simply not open email attachments you didn’t expect, regardless of who they are from. I’ve received email attachments from MYSELF! The bad guys are crafty little buggers. Unfortunately, this latest threat is even craftier (is that a word? It is now) than that. All you need to do is visit a website that is seeking to infect you and whammo…yer done.

Think of this thing as a mugger except that you never know you were mugged. It lurks out there and when it attacks you will never know exactly what it has done because that part is incredibly easy to change. It could just make your applications open or close and it could install software that captures every keystroke you make and sends it “home”. So, you get infected and you visit your online banking site…you have just sent your banking site’s username and password to the bad guy and didn’t even know it.

The vulnerability is…guess…A Microsoft problem. **SHOCK**. The problem affects every version of Windows since 1990. Microsoft has said they will release a patch in 7 days. During that time we fully expect this thing to wrap around the world several times resulting in a very VERY bad situation. Thanks M$. Tom Liston posted this at ISC which sums up my thoughts well.

Thankfully, the geek community has pulled together and came up with a patch that will take care of the problem. Microsoft be damned.

If you are unsure if you are safe from this bug, trust me that you ARE NOT safe from this bug. If you are running a fully patched Windows computer, you are vulnerable and swinging in the breeze. Patch yourself NOW by doing the following:

* Right Click here

* select “save link as” (if you don’t see ‘save link as’ then you aren’t using Firefox. Get it here.)

* select a location to save the file and make note of that location. I recommend “Desktop”.

* Once the file is downloaded, go to your desktop, find the file, and double click it.

* Answer in the affirmative to whatever questions are asked.

This patch has been tested by the best network security engineers in the world. It is the ONLY thing that will protect you from this thing. Since we can’t trust Micro$oft, we have to trust ourselves. Read Tom Liston’s piece on Trustworthy Computing here, it explains why we have to trust this patch.

For the technical folks out there, you can read the following links for a detailed analysis of this monster.

http://isc.sans.org/diary.php?date=2005-12-31

http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 start here and read up to see how my New Year’s Eve was spent for the most part. 😉

Welcome to 2006 folks.

Abramoff and his buddies

Tuesday, January 3rd, 2006

You are right Michelle, Abramoff is a sleaze bag. Anyone who is knowingly in bed with him is also a sleaze bag.

Call me an idealist but I think public servants should be completely transparent. It should come with the job. There is no more privacy for you. Your tax records, from the moment you are sworn in, becomes public record. I’m not advocating anything here, it’s a fact. Maybe not a legal fact but it is certainly a Red Pill fact. The only way to completely avoid having your privacy stripped from you is to avoid even the appearance of impropriety. That is something the current Governor of Kentucky has failed to grasp. We’ll see how many of our public servants in DC have also failed to grasp it.

We, the people, elect you because we believe in you and your ideas. When you garner the appearance of impropriety your integrity is called into question and we will have no further use for you. At least that is how it should be.

Here’s hoping that few, if any, get caught up in this mess. But for those that do, regardless of party, may you rot in prison for a very long time with a violent cellmate who mistakenly believes you are a child molester. I don’t care if you are Speaker Hastert or Congressman Chandler…Leader Frist or Senator Bunning.

Keep your nose clean folks.

Patriot Act extended for 6 months

Wednesday, December 21st, 2005

AP reports a deal may be in the works in the Senate to extend the Patriot Act for 6 months. Four Republicans want their “grievances” addressed in the next debate and given an agreement to that effect they will vote for the extension.

Michelle Malkin reports via Kathryn Lopez at NRO that there are still four more votes needed for cloture and those have to be Senate democrats. Tall order that, it would appear.

If nothing else, this proves that direct action against our elected folks in DC is far more productive than having battles of wits with unarmed opponents. Keep the calls\faxes\letters going to DC!

FISA and SigInt

Tuesday, December 20th, 2005

My oh my how this has stirred up a mess. We have supporters of the President reaching for anything they can find to support the Signals Intelligence gathering on American Citizens during wartime while the “loyal” opposition supporters of the barbarians are screaming for impeachment and waxing poetic about civil liberties.

While the barbarian supporters can do little to harm the President, the supporters of the President are causing all manner of problems by just muddying the waters. Uncle Jimbo at Blackfive is doing just that by drawing Clinton’s SigInt activities into the question. Uncle Jimbo, THEY. DON’T. CARE. All they want to do is hurt this President and, as you can tell in the comments to your post, you bringing up Clinton only gives them ammunition.

People…calm down. You are not going to convince the Anti-American citizens to change their minds, they just want to play a tit for tat game with this President. Let them rant and target your wrath to the Congressmen and Senators in your districts and states. Hammer them to investigate the leak of this program to the New York Crimes/Washington Boast. **THAT** is the real crime here. If a desk jockey at the CIA can stir up an investigation about her being “outed”, then surely this meets a similar (though far more sober) standard.

But, this is the world we live in now. The story is out and the lengths taken by NSA to rip my civil liberties apart should be investigated. Like Smash, I hope this investigation doesn’t harm our National Security more than the initial leak but with the barbarian supporters thinking they see blood in the water…well…it’s going to be a very interesting Winter.

Army Knowledge Online issues

Tuesday, December 13th, 2005

Yesterday Blackfive posted an article about the AKO phishing site. It seems that the enemy has taken down the malicious content and replaced it with a redirect to the official AKO site.

This causes a couple of interesting new problems. With the help of Milblogs everyone is scared to death to go to the link provided in the email they receive from the bad guys. But now, the link provided in the email resolves to the CORRECT AKO site. Looks like it’s forwarding/redirecting to the actual site now.

So, we have a site that is impersonating another site for the purposes of credential theft. Once the impersonating site is compromised the bad guys just redirect to the REAL site. So what happens in 6 weeks or so when the hype is slowed down and b0b.org turns off their redirect? Same code will do the same thing, same warnings go out saying the same thing, and we run the very serious risk of the boy who cried wolf, or the appearance thereof.

Army folks, you stay vigilant out there. This domain is owned by an individual in Canada and, one would assume, is in control of his website. The individual seems to be a respected developer, having contributed content to CPAN. I would hate to see a solid Perl developer run out of town because he’s secretly scamming folks.

So…if the individual in question would like to clear his name, here’s the opportunity. Is this person running a site attempting to defraud members of the United States Army of their credentials? I somehow doubt it but would LOVE to hear it straight from him.

UPDATED: I heard from him and he did the right thing. He’s just a reseller so he’s not directly at fault here. Again, he did the right thing and that’s all I’m prepared to say publicly.
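The situation in this post, a known phishing host that has gone quiet by redirecting to the real site and may turn its redirect off again later, is exactly the case where a blocklist entry should not expire on its own and where someone should notice the moment the host's behaviour changes. The following is an added example, not from the original post and not anything AKO or the site owner published: it reads a constructed log of daily probes of the lookalike host (the dates, status codes and the legitimate hostname `ako-real.example` are made up for the example; `b0b.org` is the host named in the post) and raises an alert whenever the host stops redirecting to the legitimate site, whether by serving content again or by redirecting somewhere else.

```python
from urllib.parse import urlsplit

LEGIT_HOST = "ako-real.example"  # placeholder for the real AKO host (assumed for this example)
WATCHED_HOST = "b0b.org"         # the lookalike host named in the post

# Constructed observations, one line per daily probe of WATCHED_HOST:
#   <date> <HTTP status> <Location header, or "-" when absent>
OBSERVATION_LOG = """\
2005-12-13 302 https://ako-real.example/
2005-12-14 302 https://ako-real.example/
2006-01-24 302 https://ako-real.example/
2006-01-25 200 -
2006-01-26 302 http://b0b.org/login.html
"""


def classify(status: int, location: str) -> str:
    """Classify one probe: where does the lookalike host send its visitors today?"""
    if 300 <= status < 400 and location != "-":
        target = urlsplit(location).hostname or ""
        return "redirect-to-legit" if target == LEGIT_HOST else "redirect-elsewhere"
    return "serves-content"   # no redirect: the host is answering with its own page again


def parse_log(text: str):
    """Turn the probe log into (date, status, location) rows, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, status, location = line.split(maxsplit=2)
        rows.append((date, int(status), location))
    return rows


def alerts_for(rows):
    """Return (date, previous_state, new_state) for every day the behaviour changes.

    The host stays on the blocklist throughout; the alert exists so that the
    warning to users goes out again the day the redirect to the real site stops.
    """
    alerts = []
    previous = None
    for date, status, location in rows:
        state = classify(status, location)
        if previous is not None and state != previous:
            alerts.append((date, previous, state))
        previous = state
    return alerts


if __name__ == "__main__":
    for date, old, new in alerts_for(parse_log(OBSERVATION_LOG)):
        print(f"{date}: {WATCHED_HOST} changed from {old} to {new}")
```

Only state changes are reported, so a host that redirects to the real site every day for six weeks produces no noise, and the first day it does anything else produces exactly one alert.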

Reality II – with illustration

Wednesday, December 7th, 2005

Today a tragic event played out at Miami International Airport. A man with bipolar disorder had failed to take his medication and declared that he had a bomb. An Air Marshal ordered the man to the ground, at which point the man reached for a carry-on bag. The Air Marshal did what he had to do and now the man is dead from one or more pistol rounds.

Referencing yesterday’s rant, that is reality. Now for an illustration of the contrived world of a Blue Pill person:

Federal Airport Nazis execute unarmed citizen

The Federal Marshals assassinated an innocent citizen in Miami. These idiots murdered an unarmed passenger once they had him on the ground. Here’s a prediction. They will discover that 1) he wasn’t a terrorist and 2) he didn’t have a bomb and 3) he was unarmed and 4) they over-reacted and killed the poor man. Of course, this is just the price we have to pay for living in a police state.

Mr. Wallie left this on the Counterterrorism blog as a track back to their report of the incident.

1) The man wasn’t innocent. He was sick but certainly not innocent. Claiming to have a bomb in an airport is likely to get you shot in any airport in the world. Well, except France.

2) He was never on the ground willingly although he was ordered to the ground.

3) True, he wasn’t a terrorist, but how would the Air Marshal know that? The guy said he had a bomb and was reaching for his bag. Is the Air Marshal supposed to wait until AFTER he’s been blown up to try and stop him?

4) True again, he didn’t have a bomb, but how would the Air Marshal know that? Ask him? Wait for the hand to come out of the carry-on bag with a rubber chicken?

5) They didn’t overreact. Overreacting would have been jumping to conclusions before even confronting the man with the order to get on the ground. You are well familiar with jumping to conclusions though.

6) They did kill the man and it turned out to be a tragic, yet necessary, killing.

7) Police state? Perhaps you are also off your medication.

Reality

Tuesday, December 6th, 2005

Reality is the rake that breaks your nose after you forgot and left it in the yard. Reality is that nasty cut on your hand when you fall on the broken glass. Reality is the bastards in the world ready to slowly strip the skin from your children while you and your wife are bound and forced to watch. Reality is the bastards in the world that fly airplanes full of innocent men, women, and children into buildings full of innocent men, women, and children. Reality sucks.

Fortunately we have a whole bunch of people in this country that refuse to accept the basic reality-based fact that there are people in the world that will kill you for the simple pleasure of watching you die. No reason. No oppression. No political balderdash wrapped in an upside down American flag. These are the people that work for Human Rights Watch and the other people who cling to their outrageous reports exposing covert CIA locations around the world. Is it outrageous because the reports are false? I doubt it. Maybe because the locations are wrong? Doubt that too. It’s outrageous because these people don’t get it…they don’t understand what reality is.

I’m with Uncle Jimbo at Blackfive:

I’m about ready to just moor an aircraft carrier 50 miles off DC and centralize all funky operations out of there. Surround it with a bunch of Aegis Cruisers decked out with anti-missile gear and float a few shark boats underwater and Game on!

Here’s a little more reality. We are at war. The enemy will stop at NOTHING to “win” and to them that means destroy America. While we are fighting terrorists the world over we fight this war against our own citizens who cannot accept reality. These people are the epitome of Blue Pill People. They can’t see the real world because they are too busy looking at their contrived world where we can all just hug and sing some stupid song to get along.

You know what happens when you try to hug pre-war Saddam Hussein? His thugs kill you. You know what happens when you try to hug ol’ Stumpy Zarqawi? He knocks you down and slowly relieves you of your brain bag. If we capture Zarqawi do you really think a nice cushy cell, 3 Islamic friendly meals a day, Prayer Beads, and a Koran is going to make him tell us about his network? Well you are wrong. The only way to get this barbarian to talk is to threaten him with a slow painful not-quite-death…and then exercising your option of it. They don’t fear death…they do fear pain for they are cowards.

Is the above activity against the standards of a civilized society? Absolutely. But, dear reader, let me ask you this:

Since when has civilized behavior won a war of attrition?

That’s the reality of this War on Terror, deal with it.

Update: Of course, Wretchard of the Belmont Club has an excellent article related to this. He goes into the moral issues surrounding torture. Excellent excellent read…as always.

Protect your Privacy Website owners!

Tuesday, November 22nd, 2005

Alright people. There are bad guys in the world that, if they take offense at something you put on your website, might just try and track you down. Many people sign up with their web host provider and allow that provider to register a domain name. Usually it’s wrapped into the deal and people just jump on it. The webhost, through absolutely no fault of their own, uses the account information the new client gave them. This information typically includes their name, billing address, and phone number. That information gets added into the Domain Name System or DNS.

DNS is what makes the world wide web so easy to use. It takes an easily recognized domain name like “www.yahoo.com” and ultimately turns it into an IP address like “216.109.117.108”, which is the webserver that actually holds the information you see when you visit that domain name. Each DNS entry has two basic contacts: an Administrative and a Technical contact. The webhost who registers your domain name for you will enter your information as the Administrative contact.

“Ok, so what’s the problem?” you ask? Well, here’s the deal, if you go to one of the many “whois” services out there you can query these DNS records and see this information. Let’s say I have decided that I want to do harm to the owner of the blog at C-J-DES.ORG.
(more…)

Schoolyard Rhetoric – The last bastion of modern liberalism

Sunday, November 20th, 2005

Michelle Malkin has to be one of my favorite “talking heads”, columnists, and bloggers. She’s always on target with brilliant research, logic, and wit. It helps that she’s Conservative but I would appreciate her talents regardless of her political stripe.

Tonight I read her blog entry, “JUST A YELLOW WOMAN DOING A WHITE MAN’S JOB“, and found myself wanting to reach through the screen and either hug her or strangle the bastards causing her such grief. They can’t argue positions with her, for surely they would lose, so they begin insulting her. Not even insulting her positions…no…that would be a slightly higher road. No, they choose to go for the elementary school tactics of attacking her physical appearance and calling her names I wouldn’t reserve for a rabid dog.

Of course, we are used to this behavior from the left. When they fail to win the election at the ballot box and ultimately in the courts, they fall back on calling the President illegitimate, attacking his daughters, and constantly reminding him of his misspent youth. When the Vice President speaks out against Gay Marriage they tear into his family, reminding us all that his daughter is Lesbian. Can’t engage him in the argument…no no…attack his family. Woe be unto the person who uses the same tactics against them but any rational person would never think of it.

We witnessed it again Friday night when the Republicans called Rep. Murtha’s bluff. Suddenly Republicans were calling him unpatriotic when the word was never mentioned. Suddenly Republicans were calling him a coward EVEN BEFORE Rep. Jean Schmidt relayed the message from her constituent.

It’s the same old story, the same old song and dance, my friend(c). I believe it’s here to stay. There is no way to wrench these attitudes, personalities, and character faults from these people. The Dems don’t have a monopoly in the Marketplace of Idiocy either. Republicans are chock full of them as well. It’s pure stupidity. The kind of stupidity that burns Crosses in yards, gathers Jews into cattle cars, and flies planes into buildings. The “people” saying these things about Michelle are no better, and possibly worse, than the barbarians we are fighting in Iraq, Afghanistan, and many many other places.

And now, at the risk of running afoul of Mr. Malkin, allow me to talk about the qualities of Michelle that the “loyal” opposition find so troubling. I won’t speak of her abilities and talents because they don’t. I will say she has her priorities in order. She’s a Believer in Christ first, a Mother to her children second, a wife\lover\friend to her Husband third, and somewhere down the list…she’s a Conservative. Her first priority tells everyone that these attacks are expected. Her second priority tells everyone that you really should think twice before attacking a Mother’s children. Her third priority tells everyone she’s sweet and gorgeous and probably had her pick of men…Mr. Malkin should count himself the second luckiest man in the World next to me. Somewhere down the list her Conservatism tells everyone that she understands that sometimes a line must be drawn.

When you attack someone’s family you are crossing a line that, up until recent years, could be a Very. Dangerous. Thing. Where I come from such a verbal attack would definitely provoke an immediate violent reaction resulting in bruised knuckles and broken noses.

God Bless You Michelle Malkin. Your friends out here know you because of the content of your Character and not the color of your skin…which is sexy as “aw gitout” by the way. 😉

Frist has to go

Tuesday, November 15th, 2005

If this is true, and it’s from the NY Times so ya never know, then Bill Frist has to go from his leadership position.

Senator Frist: Lead, Follow, or get the hell out of the way.

Battle of Wits

Monday, November 14th, 2005

This past weekend has been interesting. Here we are 5 years into the War on Terror and 2.5 years into the Battle in Iraq and President Bush has been quietly going about the business of freeing 50 million people while his political enemies have made all kinds of wild accusations against him personally as well as politically. He hasn’t said a word to directly counter these attacks (some legitimate, most not so legitimate).

Many of his “agents” have defended the policies of the President but they haven’t, and shouldn’t, have the weight of the President himself.

It’s like watching a boxing match where one fighter steps out of the corner and takes the punches of his opponent for 5 rounds without so much as a hint of defense.

Then came this on, as fate would have it, Veterans Day:

While it is perfectly legitimate to criticize my decision or the conduct of the war, it is deeply irresponsible to rewrite the history of how that war began.

Followed by this:

They know the United Nations passed more than a dozen resolutions citing his development and possession of weapons of mass destruction. Many of these critics supported my opponent during the last election, who explained his position to support the resolution in the Congress this way: ‘When I vote to give the President of the United States the authority to use force, if necessary, to disarm Saddam Hussein, it is because I believe that a deadly arsenal of weapons of mass destruction in his hands is a threat, and a grave threat, to our security.’ That’s why more than 100 Democrats in the House and the Senate, who had access to the same intelligence, voted to support removing Saddam Hussein from power.

and then this:

The stakes in the global War on Terror are too high, and the national interest is too important, for politicians to throw out false charges. These baseless attacks send the wrong signal to our troops and to an enemy that is questioning America’s will.

Ahhh…refreshing ain’t it? Three solid punches that sent the “loyal” opposition to the Sunday talk shows with wobbly knees. I almost felt sorry for Senator Rockefeller when I read the transcript from Fox News Sunday at Powerline:

WALLACE: But you voted, sir, and aren’t you responsible for your vote?

SEN. ROCKEFELLER: No.

WALLACE: You’re not?

SEN. ROCKEFELLER: No. I’m responsible for my vote, but I’d appreciate it if you’d get serious about this subject, with all due respect. We authorized him to continue working with the United Nations, and then if that failed, authorized him to use force to enforce the sanctions. We did not send 150,000 troops or 135,000 troops. It was his decision made probably two days after 9/11 that he was going to invade Iraq. That we did not have a part of, and, yes, we had bad intelligence, and when we learned about it, I went down to the floor and said I would never have voted for this thing.

WALLACE: My only point sir, and I am trying to be serious about it, is as I understand Phase Two, the question is based on the intelligence you had, what were the statements you made? You had the National Intelligence Estimate which expressed doubts about Saddam’s nuclear program, and yet you said he had a nuclear program. The President did the same thing.

And Glenn Reynolds caught an interesting exchange on CBS:

SCHIEFFER: President Bush accused his critics of rewriting history last week.

Sen. McCAIN: Yeah.

SCHIEFFER: And in–he said in doing so, the criticisms they were making of his war policy was endangering our troops in Iraq. Do you believe it is unpatriotic to criticize the Iraq policy?

Sen. McCAIN: No, I think it’s a very legitimate aspect of American life to criticize and to disagree and to debate. But I want to say I think it’s a lie to say that the president lied to the American people. I sat on the Robb-Silverman Commission. I saw many, many analysts that came before that committee. I asked every one of them–I said, `Did–were you ever pressured politically or any other way to change your analysis of the situation as you saw?’ Every one of them said no.

See Mr. President? Come out swinging and you get some backup QUICKLY. They look to YOU, sir, for leadership.

Tonight the President will continue his rebuttal in Alaska with a few more punches:

Reasonable people can disagree about the conduct of the war – but it is irresponsible for Democrats to now claim that we misled them and the American people.

and this:

Some of our elected leaders have opposed this war all along. I disagree with them, but I respect their willingness to take a consistent stand. Yet some Democrats who voted to authorize the use of force are now rewriting the past. They are playing politics with this issue and sending mixed signals to our troops and the enemy. That is irresponsible.

So…here we are, well into the fight and my fighter is beginning to land some punches. Of course, it’s easy to win a battle of wits when your opponent is so incredibly unarmed.

San Fran Proposition H to Ban Firearms

Wednesday, November 9th, 2005

San Francisco Proposition H:

Shall the City ban the manufacture, distribution, sale and transfer of firearms and ammunition within San Francisco, and ban City residents from possessing handguns within San Francisco?

Amendment II, United States Constitution:

A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.

There is a STUNNING difference in these two items. One has been the guiding light of our Republic for 220 years while the other…well…hasn’t. This temporary ordinance will hit the 9th Circus and be roundly applauded before being smacked back to Alcatraz by SCOTUS. Until that happens I’m considering a pool. The winner will be the individual who picks the number closest to the number of firearm related crimes in the city of San Francisco above the rate from last year through the month of April. I’m thinking at least a 20% increase myself.

Microsoft to join the Web2.0 Revolution?

Sunday, November 6th, 2005

It seems that Microsoft sees folks like Google and Yahoo and sees yet another threat. Since they can’t really reverse engineer web applications they have to try and beat their adversaries through traditional means…in the market place.

The company will offer “Office Live” to help small and midsize businesses use and maintain the suite of software used for applications such as e-mail, scheduling, spreadsheets and word processing.

Let’s see what we have here. Microsoft offering web applications that will help small and midsized businesses. I’d bet my next paycheck these applications will require Internet Explorer so they can exploit the vulnerability known as ActiveX. So, the technology responsible for these kinds of spyware, trojan, and other illegal installations should be trusted when users are entering their business information? Not sure I would go there myself.

No thanks guys…I’ll continue to use Firefox. Since you guys have “upped the ante” on Google and Yahoo I’ll just wait for one of them or someone else to beat you at your own game. You did know that OpenOffice is open source right? How long do you think it will take for someone to put that up on a webserver for us all to use? That is if it hasn’t been done already.

Dump ActiveX or at least make it SAFE for the masses who don’t know how to avoid the bad guys out there.