Archive for May, 2009

Security awareness is astonishingly low

Sunday, May 24th, 2009

A couple of weeks ago I went on a social engineering job with a colleague. It was pretty easy, but part of this was because my colleague had persuaded the department manager to send an e-mail throughout the department which was basically a clearance for everything we were going to do.

So last week I went again and had expected it to be much harder, but it was nothing like that. Access to the building was secured by RFID readers, but tailgating was easy: the employee just kept the door open for us! We stayed in the building for an hour and visited almost all rooms. Just a couple of people asked us who we were and what our business was, but they were easily fooled by some stupid explanation which, if you think about it, doesn’t fit the situation.

Last night I was thinking about this, and came to the conclusion that from a security point of view most people are way too friendly and trusting.
But from a human point of view it is kind of nice to have a chat with someone, even if you don’t know him/her.

Kylin SecureOS website down

Monday, May 18th, 2009

As described in an earlier post, I had found a possible SQL injection vulnerability in the website of the Chinese Kylin OS.
Now it turns out the website is unreachable.
The kylin.org.cn website resolves to 220.169.30.241:

Non-authoritative answer:
Name:    kylin.org.cn
Address: 220.169.30.241

A traceroute brings me as far as 222.247.29.74:

traceroute to kylin.org.cn (220.169.30.241), 30 hops max, 40 byte packets

13  61.137.0.134 (61.137.0.134)  282.076 ms  282.077 ms *
14  61.187.255.222 (61.187.255.222)  291.674 ms  291.695 ms  291.988 ms
15  222.247.29.74 (222.247.29.74)  288.679 ms  289.049 ms 222.247.29.70 (222.247.29.70)  287.816 ms
16  * * *
which essentially tells me not very much, because it could be that the next hop(s) to the actual server are discarding ICMP requests.
By doing a complete nmap scan on the whole subnet I noticed there are multiple hosts online surrounding the IP address, so I now know there is a route to the server, but it is just not active:

nmap 220.169.30.0/24 -sP

Starting Nmap 4.62 ( http://nmap.org ) at 2009-05-18 11:36 CEST

Host 220.169.30.239 appears to be up.
Host 220.169.30.242 appears to be up.
Host 220.169.30.243 appears to be up.
Host 220.169.30.244 appears to be up.
Host 220.169.30.245 appears to be up.
Host 220.169.30.246 appears to be up.
Host 220.169.30.247 appears to be up.
Host 220.169.30.249 appears to be up.
Host 220.169.30.250 appears to be up.
Host 220.169.30.251 appears to be up.
Host 220.169.30.252 appears to be up.
Host 220.169.30.253 appears to be up.
Host 220.169.30.255 appears to be up.

So I think we can assume there are a few reasons why the site is down, and I ordered them in the way I think is most likely:

  • The website has been taken down because of all the attention drawn to the project
  • The website has been taken down by a hacker, or has been taken down to fix the leak I found
  • The website is overloaded by traffic due to all the attention drawn to it, although I think this is highly unlikely (it probably would respond to ICMP requests).

Found guilty of driving under the influence?

Thursday, May 14th, 2009

According to this article, checks done with the “Alcotest 7110” device from the manufacturer Draeger can be called into question. The software loaded into the device contains major errors, which means the result can be disputed.
The errors include the following:

  • The average is calculated incorrectly. The device first calculates the average of the first two values, and uses that to calculate the average with the next value. As a result, the first values get a greater weight than the values that follow.
  • The hardware that “measures” the alcohol can pass values from 0 to 4095 to the software. Because the software divides the values by 256, the software only has to work with 16 numbers; as a result, the measurement is many times less accurate than when 4096 values are used.
  • The software has no “catastrophic error detection” built in. As a result, the device may execute faulty code unnoticed, and the final alcohol percentage may therefore be wrong.

So pay close attention when you are pulled over; it could well be that you get this device pushed under your nose!
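The first two defects in the list above, reconstructed as an added example (not code from the original post or from Draeger) so their effect can be measured on sample readings; the function names, the ADC constants and the readings are assumptions made for illustration.

```python
# Added example: not code from the original post, nor Draeger's firmware.
# It reconstructs the two arithmetic defects described above from the
# post's wording so their effect can be measured; function names, ADC
# constants and sample readings are assumptions made for illustration.
from fractions import Fraction


def chained_average(readings):
    """Averaging as the post describes it: average the first two readings,
    then average that result with the next reading, and so on."""
    if len(readings) < 2:
        raise ValueError("need at least two readings")
    acc = Fraction(readings[0])
    for r in readings[1:]:
        acc = (acc + Fraction(r)) / 2   # halves the weight of everything so far
    return acc


def true_average(readings):
    """The arithmetic mean the device should have reported."""
    return Fraction(sum(readings), len(readings))


def chained_weights(n):
    """Effective weight each of n readings carries under chained_average.
    They sum to 1 but are unequal, so the reported figure depends on the
    order in which identical readings arrived."""
    weights = [Fraction(1)]
    for _ in range(1, n):
        weights = [w / 2 for w in weights] + [Fraction(1, 2)]
    return weights


ADC_MAX = 4095    # the hardware hands the software 12-bit samples (0..4095)
DIVISOR = 256     # the software divides them down to 16 levels (0..15)


def quantize(raw):
    """Collapse a raw sample onto one of the 16 levels the post describes."""
    if not 0 <= raw <= ADC_MAX:
        raise ValueError("raw sample out of range")
    return raw // DIVISOR


def quantization_span(level):
    """Range of raw samples that become indistinguishable at one level."""
    lo = level * DIVISOR
    return lo, min(lo + DIVISOR - 1, ADC_MAX)
```

Feeding the same three readings in reverse order to chained_average gives a different result, while true_average does not change; quantization_span shows that 256 distinct raw samples all report as one level.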

Talking about ironic…

Tuesday, May 12th, 2009

Today I noticed a tweet about the Chinese building a secure OS, supposedly targeted at an upcoming cyberwar.
I thought it was interesting, so I googled the name Kylin (which is the name of the project) and found kylin.org.cn, which was in Chinese.


SIEM

Thursday, May 7th, 2009

Recently I have had the privilege of being involved in the selection of a SIEM (Security Information and Event Management) system. It really was an eye opener.
Up to now I had mostly worked as a technical engineer, and although security had been one of my main focus points in my work, I had never had insight at such a high level.