I could spend hours talking about how much of a good time Chris Mills and I had at DC16, or you could all just tune in for EP8, which we’ll be recording tonight. There are a lot of people we need to thank for their hospitality as well as the free beer! We made all kinds of new friends, and it was great to finally put names to faces. While you’re waiting for the live show tonight, follow the links below for some pics of the Podcasters Meetup as well as the live show recorded at DC16!
In case you don’t have a television, radio, or even the Internet (which would mean you wouldn’t be reading this): one of the greatest cyber crimes of all time has finally come to a halt, or so they think…
Eleven people in the US city of Boston have been charged with credit card fraud. The US authorities say the suspects stole the data from more than 40 million credit cards.
The hackers obtained the information by installing software on the computers and databases of banks and major store chains. They also drove through residential districts with a laptop to hack into personal computers with wireless connections.
Prosecutors speak of the biggest credit card swindle in US history. The suspects, who have US, Estonian, Ukrainian, Belarusian and Chinese nationalities, allegedly embezzled tens of millions of dollars.
So while I’m sitting at DEFCON 16 enjoying a “free” bar tab, I wonder if I’ll see it show up on my own credit card, since I could quite possibly be funding one of these parties and not even know until it’s too late. Oh well, that’s what the fraud department is for, right…
As many of you already know, this DNS vulnerability has taken the community as a whole by storm. For you Snort guys out there, here is the latest DNS signature that may help you detect such activity. Props to alexkirk from the #snort channel for hooking us up!
Implement at your own risk! Simply cut and paste it as a single line, as it looks pretty nasty below:
alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"DNS large number of NXDOMAIN replies - possible DNS cache poisoning"; byte_test:1,&,3,3; classtype:misc-attack; reference:cve,2008-0087; reference:url,www.microsoft.com/technet/security/bulletin/MS08-020.mspx; reference:cve,2008-1447; reference:url,www.microsoft.com/technet/security/bulletin/MS08-037.mspx; threshold: type threshold, track by_src, count 1000, seconds 30;)
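To see what that signature actually fires on, here is an added example (my own code, not Snort's and not from alexkirk) that re-implements its detection logic in Python over constructed DNS replies: the byte_test:1,&,3,3 looks at the fourth header byte, where the low bits are the RCODE, and the threshold counts matching replies per source over a 30-second window. One caveat worth knowing before you deploy it: because the test is a bitwise AND against 3, any RCODE with a low bit set (FORMERR, SERVFAIL, NXDOMAIN, REFUSED and so on) counts, not only NXDOMAIN, so a flaky upstream resolver can also trip it. The packet bytes, source address and timestamps below are constructed for the demonstration.

```python
"""Added example: a minimal re-implementation of the Snort rule's logic
(byte_test on the DNS header plus a per-source count/seconds threshold).
All packets, addresses and timestamps here are constructed sample data."""
import struct
from collections import defaultdict, deque
from typing import Optional

NXDOMAIN = 3      # DNS RCODE "name error"
COUNT = 1000      # threshold: count 1000
SECONDS = 30      # threshold: seconds 30


def dns_rcode(payload: bytes) -> Optional[int]:
    """Return the RCODE of a DNS response, or None if not a response / too short."""
    if len(payload) < 12:                 # 12-byte DNS header
        return None
    _tid, flags = struct.unpack("!HH", payload[:4])
    if not flags & 0x8000:                # QR bit clear -> a query, not a reply
        return None
    return flags & 0x000F


def matches_byte_test(payload: bytes) -> bool:
    """byte_test:1,&,3,3 -> one byte at offset 3, ANDed with 3, nonzero.
    Note this is true for any RCODE whose low two bits are set, not only 3."""
    return len(payload) >= 4 and (payload[3] & 0x03) != 0


class ReplyThreshold:
    """Sliding-window 'track by_src, count N, seconds S' approximation."""

    def __init__(self, count: int = COUNT, seconds: int = SECONDS):
        self.count, self.seconds = count, seconds
        self.events = defaultdict(deque)  # src ip -> timestamps of matching replies

    def observe(self, src: str, ts: float, payload: bytes) -> bool:
        """Feed one packet from UDP/53; return True when the source crosses the
        threshold (the window is then reset, roughly like type threshold alerting
        every count-th event)."""
        if not matches_byte_test(payload):
            return False
        q = self.events[src]
        q.append(ts)
        while q and ts - q[0] > self.seconds:   # drop events outside the window
            q.popleft()
        if len(q) >= self.count:
            q.clear()
            return True
        return False


def make_reply(rcode: int, tid: int = 0x1234) -> bytes:
    """Constructed 12-byte DNS response header: QR=1, RD=1, RA=1, given RCODE."""
    flags = 0x8180 | (rcode & 0x0F)
    return struct.pack("!HHHHHH", tid, flags, 1, 0, 0, 0)


def simulate(n_replies: int, rcode: int = NXDOMAIN, src: str = "192.0.2.53") -> int:
    """Constructed burst: n replies with one RCODE from one source inside one second.
    Returns how many times the threshold would have alerted."""
    det = ReplyThreshold()
    alerts = 0
    for i in range(n_replies):
        if det.observe(src, i / n_replies, make_reply(rcode)):
            alerts += 1
    return alerts


if __name__ == "__main__":
    print("999 NXDOMAIN replies ->", simulate(999), "alert(s)")
    print("1000 NXDOMAIN replies ->", simulate(1000), "alert(s)")
    print("1000 NOERROR replies ->", simulate(1000, rcode=0), "alert(s)")
```

If you want the rule to count only true NXDOMAIN answers, the equivalent check in this code is `dns_rcode(payload) == NXDOMAIN`; in Snort that means testing the full RCODE nibble rather than ANDing with 3.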
I know I’m a few days late, but Snort Security Platform (SnortSP) 3.0 Beta is available from Snort’s website. SnortSP 3.0 is the software platform that traffic analysis engine modules plug into. The 2.8.2 detection engine is still there, but it now runs as a SnortSP engine module.
Some of the major features include:
Shell-based user interface with embedded scripting language
Native IPv6, MPLS and GRE support
Native support for inline operation
More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic
Performance increases
I’ve been messing around with it for a few days now and have found it to be an entirely different program altogether; the syntax and commands to get it up and running can be rather a headache when first starting out. Overall though, I like the idea of multiple detection analysis engines as well as the shell-based interface, which prevents you from inadvertently killing the snort process. Anyway, thought I’d let you all know that it’s there now for all your sniffing needs!
So unless you’ve been living under a rock for the past couple of years, you should be quite familiar with the term “rainbow tables” and know how unbelievably awesome these are. A colleague and I were in a pinch the other day and had no way of cracking an MD5-hashed password: we simply didn’t have access to a set of rainbow tables, nor did we have time to wait for ophcrack and JTR to brute force it. So we stumbled across a free site that has over 1.6 million known hashes available.
The site is called Hash Mash, and it simply lets you plug in the MD5 and hit decrypt, or create an MD5 using the encrypt tab. Rainbow tables work unbelievably fast and have helped many people in my situation, as well as the forensics field. However, be aware that if the password is encrypted then you will run into issues that require a deeper understanding to break the encryption, starting with knowing the original encryption algorithm being used. Be sure to check this site out for all of your “ethical” cracking needs.
If you are in a position to download rainbow tables for offline use, you can visit the Shmoo Group and download them there too. Happy cracking [|:) <- my interpretation of a white hat.
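For the defenders reading this: the reason a lookup site or a rainbow table works at all is that a plain MD5 of a password is deterministic, so one precomputed entry covers every account that ever used that password. Here is an added example (my own code, not Hash Mash's or any cracking tool's) showing that property on two constructed user records, beside the salted, iterated PBKDF2-HMAC-SHA256 storage that makes precomputed tables useless and brute force expensive. The usernames, password, salt handling and iteration count are my assumptions for the demonstration.

```python
"""Added example: why unsalted MD5 is table-lookup-friendly, and the salted,
iterated storage a defender uses instead. User records are constructed."""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; tune to your hardware budget


def unsalted_md5(password: str) -> str:
    """The kind of digest a hash lookup service can answer for."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)   # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed records: two users who happen to pick the same password.
USERS = {"alice": "Summer2008", "bob": "Summer2008"}


def unsalted_digests_collide(users=USERS) -> bool:
    """True when all users with the same password share one MD5 digest,
    i.e. one table entry or one lookup cracks all of them."""
    digests = {unsalted_md5(p) for p in users.values()}
    return len(digests) == 1


def salted_digests_collide(users=USERS) -> bool:
    """True only if salted storage produced identical records (it should not)."""
    records = {store_password(p) for p in users.values()}
    return len(records) == 1


if __name__ == "__main__":
    for name, pw in USERS.items():
        print(name, "md5:", unsalted_md5(pw))
        print(name, "stored:", store_password(pw))
    print("unsalted collide:", unsalted_digests_collide())
    print("salted collide:", salted_digests_collide())
```

The takeaway for the ops side is that a service like the one above can only answer for unsalted digests of passwords someone has already seen; a salt per user removes the shared table, and the iteration count turns each guess into a few hundred thousand hash operations.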