Willy Dobbe - hack

Cisco's IP Journal on IP spoofing

Tue, 12 Feb 2008 11:38:12 +0100

Over at the "Internet protocol Jornal (issue 10.4) you can find a good read on the dangers of IP spoofing. This problems is very old and very wide known. Even when I was in networking (1997-2002) this was wideley known and there was an easy cure. So I dont understand why Cisco decided to publish this now, a decade ago it would have been yesterdays news.

Everyone who ever read the TCP/IP bible (TCP/IP illustrated) knows this. All you have to configure on a router is IP UNICAST REVERSE PATH, in combination with cisco CEF. Then all packets that are routed are inspected. If the sender address (the From IP address) is in the routing table, it is checked to see if the router would route it the packet would have been send over the same interface the packet orginated from. If so, the sender is valid and the packet is routed, if not, it is proabbly a forged packet and it is dropped. That simple, one command and there is no IP spoofing anymore. In 1998 cisco released this feature I think, a decade ago!

All ISP's (at least in the Netherlands) have this kind of ingress filtering acitvated on their routers since a decade, it is impossible to spoof and route a packet in the Netherlands and most parts of the world for that matter.

I remember though that Casema (which I used as a cable modem provider between 1996-2001) didnt have this feature for some time. You could route a packet towards 1.1.1.1 with the sender address 10.255.255.255. 1.1.1.1 would give an "ICMP unreachable message" from the border routers of casema and it would be send towards the complete internal network -all systems- of Casema creating a kind of internal DoS.

But to publish this article one decade after a decade seems like rerunning old stories. 10 years is on the net a lifetime.

Stupidity

Tue, 03 Apr 2007 11:52:29 +0200

Social Engineering: Because There Is No Patch To Human Stupidity

— Podcast 93 of TWIT

Skype protocol hacked? Skype functionality going mobile?

Wed, 15 Nov 2006 04:31:23 +0100

Skype Hacked! Skype Made Mobile!

It’s true. The rumors have been confirmed. Skype is going mobile! But not in quite the way you might have expected it! Skype has been hacked. Officially.

See the "proof" video on the skypejournal.

Als je stem prive wilt houden, kies dan geen CDA

Thu, 12 Oct 2006 16:31:10 +0200

Als je je stem wel wilt uitbrengen, maar zeker wilt weten dat niemand anders die ziet, stem dan geen CDA!

Okay, dat is niet helemaal de boodschap van wijvertrouwenstemcomputersniet.nl (de boodschap is dat digitaal stemmen zoals nu in Nederland plaats gaat vinden niet auditable is en niet veilig), maar wel een leuk bij-effect.

Wij Vertrouwen Stem Computers Niet (een vandaag)

Wed, 04 Oct 2006 13:11:18 +0200

wijvertrouwenstemcomputersniet.nl, een site waar ex hacker ex hacktic ex xs4all ex ITSX Gonggrijp en conrnuiten duidelijken maken waarom vernieuwing zonder transparantie achteruitgang is (oudere posting). En vandaag dus ~~twee~~ een vandaag (yek!) kijken om te zien hoe eenvoudig nedap het ons gemaakt heeft om de democratie te stelen. Zie de teaser op youtube.

Drupal coding: How to handle text in a secure fashion

Fri, 08 Sep 2006 00:54:18 +0200

When I did my first Unix system administration back in 1996 or so, I immediately did have a lot of respect for the beauty of Unix and system adminstrators who know, eat, sleep and dream Unix. Shortly after I got my first root prompt, there was this buzz, there was an option to bring down any Unix (and every other BSD TCP/IP stack) system with just one simple "ping command".

This was later knowns as the Ping of Death. This was an attack against the network layer of the OSI stack. Soon followed by even easier Denial of Service attacks like flood, smurf and the likes.

A couple of years later, attacks moved to a higher level, all the lower stuff was less easy to "hack". So we saw a lot of "buffer overlow" attacks in the late 90ies. This kind of attack is still happening, but most attention is now focussed to once again a higher level. So a couple of years back, we saw a lot of attacks on the application level.

For webservices, Cross Site Scripting (XSS) was the most used one. Most CMS-es, including better ones like Drupal did have these vulnabilities in them. And still, there are some Drupal modules that still have this kind of potential abuse in them. So when you do coding, it is not so hard to make code that can do what is should; match the functional requirements thet you or your customer defined. It is hard to make code that wont do what you dont want. Most customers are very good in describing what they want; to come up with a functional design. But nearly all of them fail to define what shouldnt

be possible.

If you think you or your customer didnt define what shouldnt be possible, make sure you read the "How to handle text in a secure fashion" page on Drupal.org

When handling and outputting text in HTML, you need to be careful that proper filtering or escaping is done. Otherwise there might be bugs when users try to use angle brackets or ampersands, or worse you could open up XSS exploits.

In a year or two we will be done with these XSS exploits and label it as yesterdays news. But will we still suffer from "even higher" attacks like SQL injection with the automated test tools that are available for good or evil now?

CrossSiteScripting (XSS)

Tue, 15 Aug 2006 00:58:04 +0200

The other day I just happen to do some investigation to sites that my employer hosts that are vulnable to XSS. From the dozen of heavy volume Dutch sites I tested, half of them could be "infected" with a simple Javascript page. I used the excellent ha.ckers.org XSS page.

Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack.

And sure enough, people reacted like "so you can display an alertbox or a cooke. Whats the big deal?" For some, it took me some time to show the dangers. But now I have this extreme cool detailed XSS howto on
The XSS Vulnerability" href="http://www.informit.com/articles/article.asp?p=603037&rl=1">informit regarding "XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack > The XSS Vulnerability

. Reading that, anyone can understand the potential / aka danger of XSS

Cross site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access to the web server.

Seven detailed pages.

Hacking Exposed, VOIP

Sun, 06 Aug 2006 01:19:19 +0200

Hacking Exposed VoIP Voice over IP Security Secrets and Solutions by David Endler and Mark Collier.

Here you can donload the security tools mentioned in the book. I have some books from this serie and think I might buy this one as well.

Though most of the reviews on Amazon are not positive. El Reg has some notes on it as well. (Yes I know that the picture isnt the right one for the cover of the book, but I could find the right one)

Cracker

Mon, 19 Jun 2006 11:21:23 +0200

MSFT site gedefaced. Standaard nieuws. Zeldzaam nieuws, een massa medium dat hacker en cracker niet verward: nu.nl/internet

Een Turkse cracker is erin geslaagd een website van Microsoft Frankrijk te bekladden.

Shakespeare and monkeys

Mon, 12 Jun 2006 13:02:30 +0200

Just an idea for an cool hardware mash-up (an "hack" in oldspeak)

Wouldn't be great(in any case very Brazil)to

take an old type writer
insert a sheet of electronic paper in the roll
add an USB interface to the keyboard.
Disable necessary mechanical bits
add a small form cpu
record a great "ding"

And create a typewriter with electronic paper output..and finally a decent spellchecker. An nice addition to Mobile Rotary Dial phones

And the changes for the monkeys would improve significantly.

silver needle in the skype

Wed, 05 Apr 2006 09:23:10 +0200

One of the best researches I have seen on Skype, the disadvantages and how to block it. Great Stuff and must read if you are into routing, security or VOIP in general.

skype needle.

This post should have been posted from a KPN Hotspot...

Sun, 05 Mar 2006 16:44:16 +0100

But it was too damn cold and the wifi crapped out every time a train came into the station..

Of course posting from a hotspot is nothing special but this was different: I was using socks over SSH over an DNS tunnel to the TOR network. I had read the initial articles about using DNS as a covert channel to tunnel IP traffic from closed Wifi hotspots a couple years ago but last weekend I was staying in an hotel with expensive Wifi and an 2 hour minimum so I decided to check what the state of the art of DNS tunneling is.

And it turned out to be pretty easy using SSH and a little perl script and a willing DNS server from the TOR network; it worked like a "slow" charm from my home network and the train journey from Haarlem offered a great opportunity for a field test but the stops in the stations were too short to post anything so I ended sitting outside on the platform but gave up after my fingers got too numb to type...the stuff I do for willy...

IE's security settings

Sun, 19 Feb 2006 22:54:00 +0100

Internet Explorer Security Humor, This one minute animation was created to help people understand Internet Explorer's security levels.

Leet speak owned network

Tue, 17 Jan 2006 13:51:19 +0100

Carolina news owned.
Funny indeed.

Enable Windows Security

Thu, 29 Dec 2005 13:42:14 +0100

xpy - that is right, it is egg's pie

Small tool which disables the default threats of a Windows XP installation. Besides disabling Windows and some of its components to communicate with Microsoft servers, xpy improves privacy settings and your system's security.
Features:
• Disable Windows "calling home"
• Disable questionable services
• Disarm Internet Explorer
• Disarm Windows Media Player
• Remove Windows Messenger
• Improve privacy and security
• Improve performance

Sounds more like a de-install of Windows according to MSFT. You might as well install Linux For Humans. I did that the other day as well on my Work Laptop and it fits my needs...