Tuesday, November 27, 2012

Android 4.2 Security: App Signatures

It seems to be common knowledge now among security professionals that the Google Play Store is infiltrated with malware.  In an attempt to control the malware surge, Google is stepping up its efforts to clean house via security updates in 4.2.

One central mechanism appears to be signature-based recognition of apk files.  When an apk is loaded on a device, the app signature (most likely just a file hash) is uploaded to Google's servers for a reputation check.  It's cross-checked against Google's list of known and reported malware, and if it is found to be bad, the server sends the response to the Android Package Installer to prevent installation.  If the reputation states that the app requires suspicious permissions, it'll ask you to confirm that you're comfortable with installing it and list what access it's requesting.  ComputerWorld has a more in-depth explanation, for interested parties.  The only downside to all this is that unless rooted, we all have to wait on our carriers to release the update through their own vetting and marketing process.
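To make the mechanism concrete, here is an added example (my own illustration, not Google's code or anything from the post) of a hash-based reputation check as described above: the installer hashes the package, looks the digest up in a block list, and otherwise prompts when the requested permissions include sensitive ones.  The block list, the "sensitive" permission set and the sample package bytes are all constructed for the example, and the check also shows the main caveat of a pure hash list: any change to the file produces a new hash that the list does not know.

```python
import hashlib
from typing import Dict, List

# Constructed sample "apk" contents; a real check would hash the file on disk.
REPORTED_SAMPLE = b"PK\x03\x04 constructed bytes standing in for a reported package"
CLEAN_SAMPLE = b"PK\x03\x04 constructed bytes standing in for a clean package"

# Constructed permission names treated as sensitive for this example
# (a subset of Android's real permission names, chosen for illustration).
SENSITIVE_PERMS = {"SEND_SMS", "READ_SMS", "SYSTEM_ALERT_WINDOW", "RECEIVE_BOOT_COMPLETED"}


def file_sha256(data: bytes) -> str:
    """SHA-256 of the package bytes; the post assumes the 'signature' is a file hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed reputation list: digest -> reason it was reported (hypothetical label).
KNOWN_BAD: Dict[str, str] = {
    file_sha256(REPORTED_SAMPLE): "reported by users: premium-SMS sender (constructed label)",
}


def check_install(apk_bytes: bytes, requested_perms: List[str],
                  known_bad: Dict[str, str] = KNOWN_BAD) -> dict:
    """Return the installer decision: 'block', 'confirm' (ask the user) or 'allow'."""
    digest = file_sha256(apk_bytes)
    if digest in known_bad:
        return {"verdict": "block", "sha256": digest,
                "reason": known_bad[digest], "confirm_perms": []}
    suspicious = sorted(p for p in requested_perms if p in SENSITIVE_PERMS)
    if suspicious:
        # Not on the list, but asks for access worth a second look: prompt the user.
        return {"verdict": "confirm", "sha256": digest,
                "reason": "requests sensitive permissions", "confirm_perms": suspicious}
    return {"verdict": "allow", "sha256": digest, "reason": "", "confirm_perms": []}


def check_install_file(path: str, requested_perms: List[str]) -> dict:
    """Same check against a package on disk, read in chunks so large apks are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return check_install(b"", requested_perms) if False else _check_digest(h.hexdigest(), requested_perms)


def _check_digest(digest: str, requested_perms: List[str]) -> dict:
    """Decision for an already computed digest (shared by the file and bytes paths)."""
    if digest in KNOWN_BAD:
        return {"verdict": "block", "sha256": digest,
                "reason": KNOWN_BAD[digest], "confirm_perms": []}
    suspicious = sorted(p for p in requested_perms if p in SENSITIVE_PERMS)
    if suspicious:
        return {"verdict": "confirm", "sha256": digest,
                "reason": "requests sensitive permissions", "confirm_perms": suspicious}
    return {"verdict": "allow", "sha256": digest, "reason": "", "confirm_perms": []}


if __name__ == "__main__":
    print(check_install(REPORTED_SAMPLE, ["INTERNET"])["verdict"])               # block
    print(check_install(CLEAN_SAMPLE, ["INTERNET", "SEND_SMS"])["verdict"])      # confirm
    print(check_install(CLEAN_SAMPLE, ["INTERNET"])["verdict"])                  # allow
    # Caveat: one changed byte defeats a hash-only list.
    print(check_install(REPORTED_SAMPLE + b"\x00", ["INTERNET"])["verdict"])     # allow
```

The last call in the usage block is the point to keep in mind: a hash list catches exact copies of what has already been reported, so a reputation service still needs the permission prompt (and other signals) for packages it has never seen.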

This highlights another concept that's rapidly spreading among those getting into the software security space: leveraging the user base to protect the cloud.  I'll post another note expanding on that concept soon.

Sunday, November 25, 2012

Error Handling: Another Attack Surface to Minimize

Friends of mine know that I'm a huge Lifehacker.com fan, and I was reading a recent article discussing how, even though there's ample support for allowing people to rip their own DVDs to multiple devices, the U.S. Copyright Office still considers it illegal.  On a quick side note, the legal term for this activity is "space shifting."

Anyway, in the post there's a reference to the Internet Blueprint, a site which is apparently dedicated to discussions and petitions of opinion in how the Internet should be governed.  Interested, I clicked on the link to see what was on this "Internet Blueprint" and upon the page loading, what do I see?  This:

One practice of coding securely is taking care of your error handling, so that for those who "fuzz" the web application, any error output is so general that a hacker has a harder time making sense of what's running.  From this error, however, I can clearly see that it's running on WordPress.  I can also see the directory structure, which adds to a hacker's "fingerprinting" of this system.
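Here is an added example (my own, not code from the post or from WordPress) of the two ways a server can answer the same internal failure.  With debugging on, the client receives the stack trace, which carries file paths and framework names; with debugging off, the client gets a generic message and a reference id, and the details go only to the server-side log where an operator can match the id.  The failing handler, its path, and the in-memory log sink are constructed for the example.

```python
import traceback
import uuid
from typing import Callable, List, Tuple

# In-memory stand-in for a server-side log file (constructed for the example).
SERVER_LOG: List[str] = []


def failing_handler(path: str) -> str:
    """Constructed request handler that fails deep inside an application path."""
    if path == "/broken":
        raise RuntimeError(
            "Call to undefined function in /srv/www/example/wp-content/plugins/demo.php")
    return "ok"


def serve(handler: Callable[[str], str], path: str, debug: bool) -> Tuple[int, str]:
    """Run the handler and turn any exception into an HTTP status and body."""
    try:
        return 200, handler(path)
    except Exception as exc:
        if debug:
            # Verbose mode: the full traceback (file paths, framework, versions
            # if they appear in the trace) goes straight to the client.
            return 500, traceback.format_exc()
        # Hardened mode: generic body for the client, details only in the log,
        # joined by a random reference id so support can still find the event.
        incident = uuid.uuid4().hex[:12]
        SERVER_LOG.append(f"incident={incident} path={path} "
                          f"{type(exc).__name__}: {exc}")
        return 500, f"An internal error occurred. Reference: {incident}"


def leaks_internals(body: str) -> bool:
    """Crude check for the kind of detail the post saw: paths and stack traces."""
    markers = ("Traceback", "wp-content", "/srv/", ".php", ".py")
    return any(m in body for m in markers)


if __name__ == "__main__":
    status, body = serve(failing_handler, "/broken", debug=True)
    print(status, leaks_internals(body))    # 500 True
    status, body = serve(failing_handler, "/broken", debug=False)
    print(status, leaks_internals(body))    # 500 False
    print(body)                             # An internal error occurred. Reference: <id>
    print(SERVER_LOG[-1])                   # full detail stays on the server
```

The generic body is deliberately identical in shape for every failure; once responses differ per error type, a fuzzer can still sort inputs by the response even without a stack trace.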

I thought it was interesting and decided I'd share the thought.

Sunday, November 11, 2012

Interesting Chrome Extension: "In My Words"

I just read about it on Lifehacker: In My Words is a Chrome extension that replaces words on the fly with words you specify as you browse the Internet.  David Galloway, the author of the article, mentions using it as a tool to replace words you find annoying.  If you're reading comments and are tired of seeing the words "OMG", "LoL", etc., this tool can replace those words with, for instance, "That's Funny."

When I was younger, I was a big fan of Mad Libs, where you get a sentence to a paragraph in which words are missing and you have to make up the missing words.  It's played as a team game, so the person writing the replacement words would ask the other person to pick a noun, verb, or adjective to fill in these gaps.  At the end, the result would be read aloud and sometimes it would be hilarious.  Anyway, I'm thinking that this extension could be used the same way.  Might be a fun distraction.

Thursday, November 8, 2012

Windows 8 Pain Point #2 - Erased, Wireshark Functions!

I wanted to look at a packet capture today, and realized I hadn't installed one of my favorite tools: Wireshark.  For the uninitiated, Wireshark is dependent on the WinPcap driver, and when installing Wireshark you have to install the WinPcap driver at the same time.  Much to my dismay, the WinPcap driver fails during installation due to "known compatibility issues" in Windows 8.

Even after downloading the driver separately and switching the compatibility settings on both installers to "Windows 7," it still fails.  I know it's only a matter of time until the folks at Wireshark/Riverbed update their software, but I'm saddened all the same.

Since I use Wireshark pretty frequently, I'll post an update once I get a working version.

Update (12/6/2012): I got the WinPcap driver to install!  Just download the current version of Wireshark and install it.  It will error out during the installation of WinPcap, but that's fine; complete the installer anyway.  Once you finish, go to the directory in which you installed Wireshark and right-click on the WinPcap .exe file.  Click on the "Compatibility" tab, set it to Windows 7, and check the run-as-administrator box at the bottom.  Then, when you run it, you'll still get an error, but at least you can click on "Run the Program" to get it installed.

What I also notice is that when taking a PCAP (which works fine), it no longer shows the activity under the named interface I was used to; now it's just under a "Microsoft" interface.  But hey, it works!

Update (01/31/2014): I realized that I forgot to update this post.  Wireshark now works seamlessly on Windows 8/8.1 with the most recent version.

Windows 8 Pain Point #1

Continued from Three great things about Windows 8 so far...

The hotkey driver was another matter.  For starters, there was no driver for it in the Windows 8 64-bit driver set listed on Sony's website!  For those that have ever loaded an OS from scratch, this will immediately bring to mind one of the greatest features hotkeys provide: adjusting the brightness without having to navigate through control menus.

So there I was, squinting at my screen, pondering my next step.  Since Win7 provided backwards compatibility for applications, I figured Win8 did as well, so I downloaded the Win7 version of the driver.  Running the install program failed with a prompt informing me the driver couldn't be loaded for this OS.  I then thought (hopefully) that maybe Sony rolled up the hotkey functionality in some of their bloatware, so I went back to the Win8 list of software and installed everything.  Shortly after doing so I started receiving this error:

If I clicked "OK" my laptop immediately went into hibernation mode.  To make matters worse, the prompt had an "Always On Top" attribute which refreshed my mouse/keyboard focus onto the prompt every 5 seconds.  I have to say, that was extremely annoying (this means you, Sony).  A Google search revealed the culprit to be a program called "ISBMgr.exe" in the C:\Windows directory, which was also added to the Startup Programs List.  Struggling for mouse/keyboard focus, I managed to open Task Manager and kill the program, and the prompt thankfully went away.  I also disabled it in the Startup Programs List to make sure I didn't re-encounter it.  Why the program thinks something's amiss is a mystery to me.

Now that I had my mouse/keyboard control again, I continued my search for hotkey functionality.  Device Manager hinted that the functionality depended on a driver for hardware id "SNY5001", also known as the SFEP: Sony Firmware Extension Parser.  I found numerous posts in support forums related to similar circumstances and followed the trail.  It led me to a download posting of the most recently available driver version.  The download, luckily, was not a packaged installer, just the .inf and .cab files needed.  Once I downloaded it, right-clicked on the .inf, and installed it, I COULD ONCE AGAIN CONTROL LIGHT ITSELF.  Or at least control the brightness through hotkeys again.

So to summarize: I lost hotkey functionality after the upgrade to Win8, and after installing all available Sony software I started receiving nigh-unavoidable prompts regarding my laptop battery.  With these now resolved, I continued exploring what else Win8 had to offer.  Because the driver files were such a pain to locate, I'm posting them for download here so others can save time.

Please NOTE: I am in no way liable for your use of the drivers referenced for download.  They are provided AS-IS without any guarantee or warranty, and users download the file at their own risk.  The hash of the uploaded file is: BD9B677BEE0DC81E0C6F2D79EA165328DF8EC2AE

Three great things about Windows 8 so far

NOTE: I have not read about any features of Windows 8, so some of these items may already be old news.

I decided to go ahead and upgrade to Win8 and mess around with it for a week to see what's what.  I figured that if it was bearable, I would just stick with it.  So I installed Windows 8 Professional, and my initial impression is that it's not vastly different from Windows 7, other than the obvious re-positioning of the start menu.  I'll expand more on that later.

First up: Blazing Boot Time

To give a breakdown of system specs, I'm running an i7 2nd gen processor with 8 GB of RAM and a SATA III solid state drive.  I recently had Windows 7 on this system and boot time was probably about 10-15 seconds.  That was already a vast improvement over my previous config, which included the Sony-branded Win7 and OEM SATA drive, where my boot time took about two minutes on average.  However, after installing Windows 8 my boot time decreased to literally less than 5 seconds.  And for those wondering what I mean by boot time, I consider it the point where you can click on a browser to start accessing a website.

Discovery: Native ISO support

I do find occasional use for ISO files, and after downloading one of them, I found I could double-click into it without Windows asking me what program I wanted to use to open it.  Shocked, I navigated out of the ISO and right-clicked on the file.  What did I see?  Lo and behold, native support for ISO files!  Right-click and mount is pretty nice, that's for sure.

Driver Support: overall better than Win7

After the initial OS load, I found only two unknown devices listed in my Device Manager.  One was a USB host controller, and the other was the hotkey controller for this laptop.  That means out of the at least 15 drivers I had to load separately in Windows 7, I now only had two!  Talk about a time-saver.  I loaded the USB host controller driver from Sony's website with no problem.  To read about the near-maddening battle in resolving these two driver issues, read on.

Monday, November 5, 2012

Flash is broken in Back Track 5 R3: Here's the fix

**Updated script links as of 1/30/2013

In preparation for the CyberLympics, I wanted to have all my tools updated to the most recent available versions, and as a result I loaded the latest 64-bit revision of Back Track 5 (revision 3).  After registering and updating Nessus, I tried to log in through the web interface but kept getting an error that Flash wasn't installed.

First, I tried downloading it from Adobe's site and walking through the install process that way, but most likely due to operator error it wasn't working for me.  After a quick Google search, I saw a post somewhere from someone having the same issue.  As a resolution, that person was kind enough to post a script that would download Firefox and Flash and install everything automagically.  I downloaded and ran that script myself, but it failed.  After some tinkering, though, I got it to work!  So, for those who have downloaded Back Track 5 R3 and the Flash plugin in Firefox isn't working for you, try this:

Copy the text above and paste it into a file.  Make sure you name the file with a ".sh" extension and set the permissions so the file will run as an executable.  You can set the permissions in one of two ways:
  1. chmod u+x /path/to/file/filename
  2. chmod 700 /path/to/file/filename
Then just execute the script!

I built it to download the latest 64-bit version of Firefox using a general link, so it will always grab the latest release.  For the Flash plugin, I had to specify the full file path, so remember to change it for future releases (unless you know how to make it generalized).

To recap, the script downloads the latest Firefox 64-bit build and the Flash 11 plugin, then extracts and installs them.  All this was in an effort to get into Nessus.  Hopefully this helps you save time!

Saturday, November 3, 2012

Global CyberLympics Results

UMUC Takes Second

The UMUC team has returned home from Miami as heroes!  Representing North America, we out-maneuvered six other teams from Hungary, Brazil, Australia, Nigeria, and Sri Lanka to take 2nd place.  The defending champions, hack.ers (Netherlands), were slow to start, but soon out-paced everyone in obtaining points and maintaining that lead.  The gap between first and second place only widened as the competition picked up pace.

Regardless of what our standing was throughout those grueling six hours, all UMUC team members were focused on doing our best.  It was hard-won, as we were competing with Hungary for that 2nd place ranking up until the very end.

I was honored to be a member of the UMUC team and represent the United States in this global contest.  I learned so much in preparing for the event that my mind is still filled with ideas for improving and optimizing the entire workflow.  At work the past two days, these ideas keep popping into the forefront of my mind.  This competition has had such an impact on me that it's altered my focus of what I want to do in my free time.  Now I find a burning desire to do everything I can to learn Ruby on Rails and Python so I can be well-versed in scripting components for Metasploit.

What I learned most from this competition is that I still have so much to learn, and that the anticipation of doing so makes me excited to see what's next!
